Now you all can invite me on skype for any kind of help required as my username is krackoworld


27 May 2011

Download ‘The Hackers Underground Handbook’ For free of Cost


learn_to_hackNow a days,learning Hacking or becoming a perfect hacker is something quite difficult to do due to many reasons like lack of knowledge,interest,money problem etc. Thus everyone wants to become a hacker but actually they are not because either they need a good trainer or an Book. Since books are very costly to purchase in todays world. Therefore I Bring you an E-book of Mr.David which costs around  $20 at http://learn-how-to-hack.net/ and with my skills I hacked it one and giving my readers for free of cost for completing their dreams.

How To Hack : Learn Hacking From Professional Book Free .

The Hacker’s Underground Handbook will guide you through password hacking, windows hacking, malware, phishing, web hacking, network hacking and Linux (intro, installation, etc.). .

The Hacker's Underground Handbook which contains information unknown to 99.9% of the world will teach you the hacker's ways.

A great starting book which will guide you in the right direction, helping you understand the basic concepts of computer security and matters that you should take in consideration.

Other Benefits of this E-book-

1.You will be started to thing like Hackers

2.Full Covered topics on Ethical hacking and Cyber security

3.Extra knowledge in the field of hacking what 0.1% people have

Download it Here

And also subscribe to our Email via this box given below for getting more E-books at free of cost.

Subscribe via Email

 

Enjoy !


24 May 2011

How to Increase BSNL Broadband Speed ?


images (7)Most of us are now using BSNL Broadband Connection to surf the internet and download things(software's,games,songs & movies) as BSNL is a government authorized Company and provides all type of plans starting from Rs150 to 750UL etc. But the problem is this you are facing off frequent DNS issues. Their DNS servers are just unresponsive. The look up takes a long duration and many times just time out. Therefore today I am going to tell you a small hack using third party DNS service as given below -

 

Use third party DNS servers instead of BSNL DNS servers or run your own one like djbdns. The easiest options is to use OpenDNS. Just reconfigure your network to use the following DNS servers:-

208.67.222.222
208.67.220.220

Confirm your operating system and BSNL modem in the OpenDNS website itself using above 2 IP addresses. After it, your DNS severs will respond faster and speed will be optimized easily.

Enjoy Speed !

About the Guest Author -  Y.Sam Philemon
He is an 12th class passed student struggling hard in the field of computer science to make his blog better at www.samypcsoftwares.blogspot.com and now a days enjoying his holidays of summer vacations. You can also find him at Facebook.

That’s it !


21 May 2011

How to Hack Facebook Accounts - All Possible Ways


hack facebook loginNow a days Facebook Hacking is being a tradition for people to fun out. You all know that I also launched my eBook on “Learn Facebook Hacking” previously for that particular purpose only but due to some issues I stop preventing it now.  I was amazed to see that my previous posts on Facebook gets a huge amount of visitors recently. So I decided to write an post on “how to hack Facebook” containing the list of all possible ways or methods to hack Facebook accounts very easily. so Today I am going to explain these 8 methods given below each by each.

1. Phishing attacks

2. Keylogging

3. Cookie stealing techniques

4. Social Engineering

5. Primary Email Address Hack

6. Some readymade Tools and Software's

7. Harmful Viruses

8. Useful Scripts


1. Facebook phishing attacks -

Well Phishing means the art of dragging someone into a well or something else. These type of attacks are very famous and commonly used by the hackers among all the attacks mentioned above, so I am explaining it very firstly. In this procedure, we have to make Fake Login Pages, also known as spoofed pages. These fake login pages resemble the qualities of original login pages of sites like Facebook, Yahoo , Gmail, MySpace etc. The victim is fooled to believe the fake page to be the real one and enter his/her password. But once the user attempts to login through these pages, his/her Facebook login details are stolen away and now we can see their passwords in a text file stored in any hosting site where you sign up. To learn more how to perform this attack, please visit Here .

2.Keylogging-

Keylogging is one of the easiest method to hack someone accounts with the help of keyloggers like sniper-spy, winspy etc. All you have to do is to install a keylogger into his/her computer(victims computer) without its permission. Basically an keylogger is that tool which records all the physical activities perform by an user at that particular pc including passwords,usernames,sites etc. Now when the person is going to open his/her account in any website, it will be captured by the keylogger and gets stored. Thus when you are free,go to yours victims house and at his/her pc see the passwords silently. You can also install it remotely if you are not in touch with your victim. Installing the keyloggers in cybercafés is also an good method to work out with. to learn more, please visit Here.


3. Cookie stealing techniques-

Well you all know Cookies, they are used to store all the necessary Information about one’s account , using this information you can easily hack anybody’s account by going into it. To take your victims cookie without its permission you have to take help from some software's like cookielogger,wireshark and add-on’s also like greasemonkey. According to me, it is very hard to perform and have less chances of success. To know more, Please visit Here.

4. Social Engineering-

This sounds very good, but I guess majority of people didn’t aware of it. For newbies, social engineering is method of retrieving password or the answer of security question simply by quering him(your victim). You have to be very careful while using this method as victim must not be aware of your intention. Just ask him cautiously using your logic and way.


5. Primary Email Address hack-

Primary Email Address Hack means that you will hack or gain access to your victims yahoo,Gmail,Rediff etc ids and now you will gonna reset her/his password by saying Facebook that you forgotten the password thus by providing the email address of victims Facebook account which you will already hacked. Now you can see the password coming in the inbox and reset it by logging into yours victims Facebook account and he/she will be easily hacked. So, always remember to protect your Facebook primary email address and try to keep unknown or useless mail id as your primary email address.

6. Some readymade Tools and Software's-

Some hackers or persons says that they will made a tool or hacking software by which you can easily hack someone's Facebook accounts without knowing basics of hacking. Then they will ask you to buy that software for some dollars say $10, but the fact is that they are making you fool by providing this software which either works half-ly or expires after sometime of fixing in the bugs.  Examples of Some of the software's  used in Facebook hacking are Facebook Freezer, Facebook Hacking Tool, Facebook accounts Deleter etc.             

7. Harmful Viruses-

If the hacker gets fail in Hacking someone's Facebook account by the methods mentioned above, then he/she getting started to produce harmful viruses like OMG,WOW,DAMN,CLICK HERE and some other pranks etc. When you will click on it, you will be redirected to any of the hidden pages containing some inappropriate data and your acc. gets hacked. so I suggest you while on clicking such type of viruses you should must scan it with the help of good online scanners and never install any uncertified add-ons in your computer.  

8. Useful Scripts-

In simple words, Scripts means some design or codec to perform some specified task.There are many scripts available online for Facebook Account Hacking like how to see any persons private photos,How to remove FB Advertisements,How to break someone's privacy, how to undo Facebook Changes etc. By using or installing these scripts, you can easily perform hack. To know more, please visit Here.                                        

That’s it !

Don’t Forgot about to comment Or to Subscribe our RSS


16 May 2011

Top most Methods to Increase your Twitter followers and Facebook Likes Per Day


twitter-facebook_iconNow a days majority of the traffic coming to your site or blog are from Facebook or twitter.As Facebook offers Fan page and twitter provides followers. There is a tremendous increase since for last 2 years in that field. Making accounts at Facebook or Twitter is so simple but the only problem happens is that we don’t get likes and followers according to our needs.Therefore to solve this problem I got a new solution consisting of useful tips and tricks and a hack  which I gonna want to discuss here.I can surely say that after reading my post today, everyone get traffic/visitors,popularity,money etc and sort out of this problem very well.

    Top 10 ways to get Max. number of twitter followers

    Twitter-Logo_thumb2

  1. Explain to your followers what retweeting is and encourage them to retweet your links. Retweeting pushes your @username into foreign social graphs, resulting in clicks back to your profile. Track your retweets using retweetist.

  2. Fill out your bio. Your latest tweets and @replies don’t mean much to someone that doesn’t know you. Your bio is the only place you have to tell people who you are. Also, your bio is displayed on Twitter’s Suggested Users page. Leaving it blank or non-descriptive doesn’t encourage people to add you.

  3. As @garyveesays, “link it up.” Put links to your Twitter profile everywhere. Link it on your Digg, LinkedIn, Facebook, blog, email signature, and everywhere else you live online. Also, check out the great feedburner-like badges from TwitterCounter for your blog.

  4. Tweet about your passions in life and #hash tag them. Quality content coupled with an easy way to find it never fails. If others enjoy your content, they’ll add you. Learn more about #hash tagging here.

  5. Bring your twitter account into the physical world. Every time I give a talk, speak on a panel, shoot a podcast, present slides, or hand out business cards, I figure out a way to broadcast or display my twitter account.

  6. Take pictures. Pictures are heavily retweeted/spread around. For mobile pics use iPhone apps such as Tweetie or Twitterific, both which support on the go uploading.

  7. Start a contest and gift items to people through lucky draw if they followed you and get thousands of followers…

  8. Follow the top twitter users and watch what they tweet. Pay attention to the type of content they sent out and how they address their audiences.

  9. Reply to/get involved in #hash tag memes. search.twitter.com lists the hot ‘trending topics. Look for the #hash topics and jump in on the conversation (see #4 for links to #hash instructions).

  10. Track your results. TwitterCounter will show you how many new users you’re adding per day and Qwitter will email you when someone unfollows you after a tweet.

Check out and become my follower at here

 

Top 50 ways to increase your Facebook likes

fb2_thumb

1.Post a status update

Post a status update mentioning your facebook page.

Don’t be afraid to outright ask people to join your facebook page.  Ask and you shall receive.

Give them a great reason why they should join, tell them news, or find a creative way to mention and link to your page:

2.Get Fans to upload and tag photos

50 Ways to Get More People to Like your Facebook PageIf you host (or attend) an event with several of your fans take a bunch of pictures, post them to your page, and then ask your friends to tag themselves in the pictures.

If you can get your fans to upload pictures to your page, or tag themselves in pictures you uploaded, this will post to their walls as well and will lead to additional traffic for you.

3.Offer an incentive for people to sign up

Using some static fbml you can create a dynamic facebook landing page with a “reveal tab” that contains content that is visible only to fans of your page.

The more valuable your incentive is, the more people will be compelled to click the “Like” button to access it.

Examples of exclusive content could be: An exclusive Video, an exclusive whitepaper/.pdf, exclusive pictures.

Stay tuned to krackoworld  In one of our upcoming posts will explain how to set up a “reveal tab.”

The image below shows different levels of increasing effectiveness for acquiring new fans.

50 Ways to Get More People to Like your Facebook Page

Involver offers apps (and several of them are totally free) that make it easy to create a “Fan Gate” containing incentives, like a file or coupon, that will cause more people to “Like” your page.

4.Contact admins of group related to your page

50 Ways to Get More People to Like your Facebook PageGroups are more powerful than pages in terms of their messaging ability. Pages send updates, but groups send messages directly to a users facebook inbox, triggering an email alert.

If you contact the admin of a facebook group with some valuable content that adds value to their readers then this can help them nurture their community and help you build yours.

5.Get people to join your pages via SMS

Send a text message to 32665 (FBOOK) with the words “fan yourusername” OR “like yourusername” (without the quotes).

This feature is ideal when you’re in front of a live audience.

6.Install a Page Badge

50 Ways to Get More People to Like your Facebook Page

Facebook Badges are a simple, yet effective way to link to your facebook profile.

Unlike widgets, badges are simply images, and will load much faster.

7. Installing a Facebook “Like Box” in your site

Installing a “Like Box” is an excellent way to allow visitors to your site become fans without even leaving your page.

The like box builder tool makes it easy to customize the size of your like box, the number of connections to display, and even the color scheme.

Shown in the image below is the rarely used “dark” color scheme.

8.Using status Tagging

Status tagging is a cool and fairly new feature of facebook.

This feature allows you to tag any page or person by entering the @ sign and then typing the name of the page or person you want to tag.

9.Suggest your Page to Friends

Use the “suggest to friends” feature of your page. Use this feature sparingly. Personally, I try to only invite people go my page once because I know it annoys me when multiple people invite me.

If you have many friends you might want to consider using the “invite all” Google chrome extension, rather than clicking hundreds or thousands of times.

10.Put a Like button into your site

Installing a like button allows visitors to like your page, and when they do this posts the their activity stream.

This can send more traffic to your site and if you have a facebook “Like Box” and other content promotion your fan page, since this will help you convert your visitors into fans.

11.Connect your Page to Twitter

50 Ways to Get More People to Like your Facebook Page

Connecting your page to Twitter is an excellent way to convert your twitter followers into facebook fans.

Using this strategy will cause all of your posts to be sent to twitter, with a link back to the facebook version of the post.

www.facebook.com/twitter

12.Link to your Page as a place of Employment

The info box under profile pictures is being phased out, so now if you want an omnipotent link on your profile to your page you will need to list your Page under employment.  Once you do this your Facebook Page will appear under your name on your Profile.

13.Install Commenting on your Landing Page

This will allow people to comment on your page, even if they are not a fan.

Any comments made can broadcast to news feeds and lead to more traffic to your page.

Setting up facebook commenting requires registering a facebook application, so act on this tip with caution unless you are comfortable with code.

14.Leverage Traditional Media

Since facebook is so widespread you can use any forms of traditional media and achieve results.

Newspapers, Media Buys, Radio, and TV all work, but are often very costly.

To maximize your promotion offer a free gift to those who join you page.

15.Newsletter Promotion

If you do email marketing send a message to your subscribers letting them know about your fan page and consider including a link to your fan page in every email.

16.Email Signature

Every email you send is an opportunity to link to your facebook page.

Check out the email signature tool wisestamp for a creative way to link to your social profiles.

17.Get Business cards promoting your Facebook Page

Business cards are cheap.

You can get 500 business cards from Vista Print for $1.99.

For this minimal investment you can get up to 500 new fans for your page!

Throw a link on your card and people will almost certainly check it out.

If you’re pressed for space in your design all page urls can be shortened from facebook.com to fb.me, or fb.com.

For example,www.facebook.com/mykrackoworld, www.fb.me/mykrackoworld, and www.fb.com/mykrackoworld all point to the same page.

18.Fiverr

50 Ways to Get More People to Like your Facebook Page

Fiverr is an online marketplace where services are sold for five bucks.

Check out their “Social Marketing” and “Advertising” section and here you will find some people who are willing to suggest your page to 5,000 of their friends for just $5.

You will need to make the person who will suggest your page to their friends an admin in order for them to do this for you, but if you are willing to place your trust in someone to do this and they come through for you this will allow you to pick up dozens if not hundreds of new fans.

19.Create a Landing Page Using static FBML

50 Ways to Get More People to Like your Facebook Page

By creating a custom landing tab for your facebook page you can increase the conversion of visitors to fans.

20.Run a “Fans Only” Contest

An excellent way to run a fans only contest is using wildfireapp.

There are rules and regulations around running a contest on facebook so be sure to check out the facebook Statement of Rights and Responsibilities (“Statement”) before you run one.

21.Link to your Page from your Profile

Edit your Facebook profile information to include promotion for your Fan Page.

At the bottom of the info section of your profile you can include links to any websites you are affiliated with.

The more links you can build to your Page, the more traffic you will be able to send to your Facebook Fan Page. I am constantly seeking new opportunities to build links that will send traffic to my Fan Page.

22.Blog commenting

Comment on blogs and in the website section use a link to your fan page.

23. Link to your Facebook Page from your Linkedin Profile

Linkedin gives every user three slots for links to whatever you’d like right on your profile.

You can make the anchor text of these links whatever you like, so I recommend using a call to action such as: Join my facebook page.

24.Upload video to Facebook

Facebook video is very underrated, and exceptionally powerful.

When you embed a facebook video on another website this video includes a watermark link in the top left corner to the fan page it came from.

25.Watermark your Videos with a link to your Website

Using a video editing program include a link to your website.

I use camtasia to add my watermarks, and to record any screencast I create, and this program comes with a free 30 day trial.

26.Create a memorable url

If you go to facebook.com/username you will be able to create a custom URL for your page.

Remember that this cannot be changed once it is set, so choose wisely.

27.Deliver an exceptional experience

Although facebook pages are no longer officially considered “fan pages” if you work to create fans of your brand many of them will certainly seek out and join your facebook page.

Strive to deliver an awesome experience for those who interact with your brand. Go above and beyond when engaging with your community and they will spread the word.

A famous article called 1,000 true fans maintains that they are all you need to create a thriving business. Don’t try just to get people to click “like” but instead seek to create raving true fan who will spread your word far and wide.

28.LInk it up

This tip comes from @garyvee and it’s a good one: link it up!

Hyperlinks are what weave the web together so use them often and every time you do you are opening up another gateway into your fan page.

29.Flip the Funnel

Drive your fans back to your website for new blog posts.

Make sure that your blog has social sharing and many of your fans will “like” your blog posts and tweet it out to their followers on twitter as well.

30.Track your Growth with Facebook insights

Facebook insights shows you how many fans you have over time, and some fairly detailed demographic information as well.

Using this knowledge you can analyze what activities drive the most growth, and then duplicate your success.

31.Analyse your Demographics with insights

Facebook demographics are a powerful feature of insights that allows you to determine the gender and age of the people in your page.  Once you know this information you can focus your content to appeal to the age group and gender of your fans.

Here is the demographic information of the krackoworld fan page:

50 Ways to Get More People to Like your Facebook Page

32.Take and Blog about your Page

Word of mouth does not start itself. Get the conversation going by mentioning your facebook page in blog posts and in every day conversation.

33.Learn more about Facebook

The more you know about facebook the more you can use this knowledge to drive the gowth your community.

To learn more about facebook enroll in our FREE facebook ecourse.

34.Divine more Traffic to your website

Use these tips to get more free traffic to your website. Make sure that your “Like Box” is featured prominently, and plenty of this traffic will “Like” your page.

35.Produce Epic Content

If your blog content is epic this will drive the growth of your page in a serious way.

Epic content has the best chance of going viral and if a blog post goes viral this also causes it to move up in the rankings in Google, leading to even more traffic, a percentage of which will convert to fans.

36.Install a Like Button into your Posts

50 Ways to Get More People to Like your Facebook PageInstalling a like button into your posts will help drive extra traffic to your posts and it will also show that facebook is an integral part of your brand.

If you have a self hosted wordpress blog I recommend installing the WP FB Like plugin.

The more you can integrate facebook with your site the more likely people will be to join your facebook page.

37.Make a Facebook Like Sign

Blue Sky Factory created a  Facebook “Like” sign tool that you can use to create a cool image that will help promote your facebook page.

38.Buy them

Although I do not recommend this option, there are several services out there that sell facebook likes.

The first 1,000 fans are usually the hardest to get so a service like this might help you get the critical mass needed to get more genuine organic fans.

39.Run a Targeted ad Campaign

Facebook advertising is exceptionally powerful due to the ability it offers to hyper target your market.

Facebook ads can be targeted based on age, location, and interests.

40.Turn your customers into fans

If someone likes you enough to buy your product then there is a good chance that they will like you on facebook as well.

Rig up your “thank you” page with a facebook “Like Box” and you’ll be good to go!

41.Advertise your Page

The more you advertise your page the more fans you will be able to achieve.

Facebook advertising s a smart way to promote since you can target specific demographic and interest groups.

You will need a sales funnel in place in order to justify an advertising budget and I recommend setting this up prior to advertising on Facebook.

When I signed up for my Hosting account with GoDaddy I was able to get a free Facebook advertising coupon for $50 and I believe they are still offering this promotion.

42.Use hootsuite to manage your Page

50 Ways to Get More People to Like your Facebook Page

By using Hootsuite to manage your facebook pages you can maximize engagement by scheduling your posts ahead of time to go out when they will get the most attention.

Facebook posts get the most engagement early in the morning and a few hours before bed.

43.Get an attractive Profile Picture

A picture says a thousand words, so to really optimize your business page you should use the largest profile picture possible.

Currently the maximum profile picture size is 200 x 600 pixels.

44.Do a “fan of the month” promotion

By highlighting one of your best fans every month you indirectly encourage fans to engage more, so that they can win the coveted fan of the month title the next month.

Offer a monthly prize, such as a cool free product or service related to your brand, and the competition for this title will only increase.

45.Message your Friends and ask them to join

This tried and tested method takes more ground work, but this method will allow you to build relationships and target the friends that you think are the most relevant to your page.

46.Include a link to your Fan page in your Forum signature

If you are active in any forums you will have the option to attach a “signature” to every post that you write.

Throw a link in your signature to your facebook page, and it will be clicked.

Do your best to add value and answer questions with your posts, and people will be more inclined to click your link and join your page.

A link with a call to action is more likely to get clicked than a link alone, so go with “Join my Facebook Page: www.facebook.com/mykrackoworld” instead of simply: “www.facebook.com/mykrackoworld

47.Create a redirect Url

Creating a redirect to your facebook fan page is one way to “presell” the people who click it on joining your page.

For example, if your link is: www.yourdomain.com/joinmyfacebookpage anyone who clicks it will probably join your page.

Here is an article on how to redirect a webpage.

48.Give away Fan Page swag

Websites like Zazzle make it easy for people to customize swag, such as the nifty “you like this” t-shirt below.

If you gave away shirts (or mugs, or stickers) like this with your facebook url included you could easily amass an army of walking billboards for your facebook page.

50 Ways to Get More People to Like your Facebook Page

49.Find more Facebook Friends

The more friends you have, the better your chances will be that some of these friends will join your fan page.

Facebook has a “Find Your Friends Tool” that allows you to import your contact list from a variety of email clients, or an email list.

This tool also displays “People you may know” which I have found is very good at suggesting people that have many mutual friends as me.

50.Share this article anywhere

If you share this post with your facebook friends and it will become obvious to them that getting more fans important to you, and if you have included a link to your facebook page in your info box or the “Website” section of your website there is a good chance that they will click it.

Check out and Join my page Here

 

You can also buy Facebook Fan Page likes and Twitter Followers from me(Its all legal)

100-Satisfaction-Guaranteed-Seal_thu

500 Facebook likes= 7$ 500 followers=5$
1000 Facebook likes=14$ 1000 followers=10$
2000 Facebook likes=21$ 2000 followers=20$
3000 Facebook likes= 28$ 3000 followers=30$

Note= Likes and followers should be added after 24 hrs in your account of submitting your request to me.

You can contact me at krackoworld@gmail.com or via filling out this form.

Enjoy and don’t forgot to comment it.


13 May 2011

Session Hijacking Video – The Complete Guide


brandjackIn computer science, session hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see HTTP cookie theft).

TCP session hijacking is when a hacker takes over a TCP session between two machines. Since most authentication only occurs at the start of a TCP session, this allows the hacker to gain access to a machine.

A popular method is using source-routed IP packets. This allows a hacker at point A on the network to participate in a conversation between B and C by encouraging the IP packets to pass through its machine.

If source-routing is turned off, the hacker can use "blind" hijacking, whereby it guesses the responses of the two machines. Thus, the hacker can send a command, but can never see the response. However, a common command would be to set a password allowing access from somewhere else on the net.

A hacker can also be "inline" between B and C using a sniffing program to watch the conversation. This is known as a "man-in-the-middle attack".

A common component of such an attack is to execute a denial-of-service (DoS) attack against one end-point to stop it from responding. This attack can be either against the machine to force it to crash, or against the network connection to force heavy packet loss.

History

Session hijacking was not possible with early versions of HTTP.

HTTP protocol versions 0.8 and 0.9 lacked cookies and other features necessary for session hijacking. Version 0.9beta of Mosaic Netscape, released on October 13, 1994, supported cookies.

Early versions of HTTP 1.0 did have some security weaknesses relating to session hijacking, but they were difficult to exploit due to the vagaries of most early HTTP 1.0 servers and browsers. As HTTP 1.0 has been designated as a fallback for HTTP 1.1 since the early 2000s -- and as HTTP 1.0 servers are all essentially HTTP 1.1 servers the session hijacking problem has evolved into a nearly permanent security risk.

The introduction of super cookies and other features with the modernized HTTP 1.1 has allowed for the hijacking problem to become an ongoing security problem. Webserver and browser state machine standardization has contributed to this ongoing security problem.

Session hijacking has been an ongoing problem for web browser developers and security experts for at least 5 years.

Methods

There are four main methods used to perpetrate a session hijack. These are:

  • Session fixation, where the attacker sets a user's session id to one known to him, for example by sending the user an email with a link that contains a particular session id. The attacker now only has to wait until the user logs in.
  • Session side jacking, where the attacker uses packet sniffing to read network traffic between two parties to steal the session cookie. Many web sites use SSL encryption for login pages to prevent attackers from seeing the password, but do not use encryption for the rest of the site once authenticated. This allows attackers that can read the network traffic to intercept all the data that is submitted to the server or web pages viewed by the client. Since this data includes the session cookie, it allows him to impersonate the victim, even if the password itself is not compromised.Unsecured Wi-Fi hotspots are particularly vulnerable, as anyone sharing the network will generally be able to read most of the web traffic between other nodes and the access point.
  • Alternatively, an attacker with physical access can simply attempt to steal the session key by, for example, obtaining the file or memory contents of the appropriate part of either the user's computer or the server.
  • Cross-site scripting, where the attacker tricks the user's computer into running code which is treated as trustworthy because it appears to belong to the server, allowing the attacker to obtain a copy of the cookie or perform other operations.

Prevention

Methods to prevent session hijacking include:

  • An open source solution is ArpON "ARP handler inspection". It is a portable handler daemon that make ARP secure in order to avoid the Man In The Middle (MITM) through ARP Spoofing/Poisoning attacks. It detects and blocks also derived attacks by it for more complex attacks, as: DHCP Spoofing, DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking & co attacks.
  • Use of a long random number or string as the session key. This reduces the risk that an attacker could simply guess a valid session key through trial and error or brute force attacks.
  • Regenerating the session id after a successful login. This prevents session fixation because the attacker does not know the session id of the user after he has logged in.
  • Encryption of the data passed between the parties; in particular the session key. This technique is widely relied-upon by web-based banks and other e-commerce services, because it completely prevents sniffing-style attacks. However, it could still be possible to perform some other kind of session hijack.
  • Some services make secondary checks against the identity of the user. For example, a web server could check with each request made that the IP address of the user matched the one last used during that session. This does not prevent attacks by somebody who shares the same IP address, however, and could be frustrating for users whose IP address is liable to change during a browsing session.
  • Alternatively, some services will change the value of the cookie with each and every request. This dramatically reduces the window in which an attacker can operate and makes it easy to identify whether an attack has taken place, but can cause other technical problems (for example, preventing the back button from working properly, on the web).
  • Users may also wish to log out of websites whenever they are finished using them.

Firesheep

Recently a firefox extension called Firesheep has exploited and made it easy for public wifi users to be attacked by session hijackers. Websites like Facebook, Twitter, and any that the user adds to their preferences allow the firesheep user to easily access private information from cookies and threaten the public wifi users personal property.

Below is a video given by Rahul Tyagi (An Ethical Hacker of Punjab) to demonstrate Session hijacking properly.

 

That’s it !


07 May 2011

How to Choose Strong Passwords To Protect Yourself From Hackers ?


istock-000004426908xsmallNow a days Hackers are more concentrating on their skills that how to break the security and hack emails and accounts for their fun and hobby.But the fact is that they cant be stopped or freeze.So therefore we should apply one formula of picking up the strong and secure passwords from them to safeguard us. The importance of picking a good, secure password can't be emphasized enough. Your password is the way the computer verifies that someone logging in is really you, so pick something that cannot be guessed by others. The top reasons people gain unauthorized accesses to a password protected system is: They guessed someone's password. (often because they found it on a piece of paper next to the victim's computer or because they saw the person type the password in, but also because they use software programs that are VERY good at guessing common passwords.)

What Happens To People Who Choose Weak Passwords -

If someone else obtains your passwords, they may start to use your account to see your private data, including email, your bank accounts, your phone messages; they could start to alter or destroy your files or they could take over your computer; and they might even perform illegal activities in your name -- in such cases, it is difficult to find out who the culprit is and you might get under suspicion.

The Basics -

The following guidelines will guard against someone finding out your password and using your account illegally:

  1. Make your password as long as possible. The longer it is, the more difficult it will be to attack the password with a brute-force search. Always use at least 6 characters in your password, at least two of which are numeric.
  2. Use as many different characters as possible when forming your password. Use numbers, punctuation characters and, when possible, mixed upper and lower-case letters. Choosing characters from the largest possible alphabet will make your password more secure.
  3. Do not use personal information in your password that someone else is likely to be able to figure out. Obviously, things like your name, phone number, and address are to be avoided. Even names of acquaintances and the like should not be used.
  4. Do not use words, geographical names, or biographical names that are listed in standard dictionaries.
  5. Never use a password that is the same as your account number.
  6. Do not use passwords that are easy to spot while you're typing them in. Passwords like 12345, qwerty (i.e., all keys right next to each other), or nnnnnn should be avoided.

Try This If You're Having Difficulty Selecting a Good Password -

If you are having difficulty picking a good password, one good method is to use the first letter of each word in a phrase you can easily remember. For example, "Alta is my kind of place" would be Aimkop. Another method is to intentionally use misspelled words, or words with a number or punctuation mark suffixed. Examples include: braekfast, kite276, and weather. (the period at the end is part of the password). Also, many hackers use numbers or punctuation instead of letters to do a basic encrypt of text, as in: h3llo is hello or he!!o is also hello. Don't copy any of these examples, but y0u g3t the d4ift! The more creative you are the better.

Here are some guidelines about what secure passwords should not include _

  • Your name
  • Your spouse's name
  • Your parent's name
  • Your pet's name
  • Your child's name
  • Names of close friends or coworkers
  • Names of your favorite fantasy characters
  • Your boss's name
  • Anybody's name
  • The name of the operating system you're using
  • The hostname of your computer
  • Your phone number
  • Your license plate number
  • Any part of your social security number
  • Anybody's birth date
  • Other information that is easily obtained about you
  • Words such as wizard, guru, gandalf, and so on.
  • Any username on the computer in any form (as is, capitalized, etc.)
  • A word in the English dictionary
  • A word in a foreign dictionary
  • A place
  • A proper noun
  • Passwords of all the same letter
  • Simple patterns on the keyboard, like qwerty
  • Any of the above spelled backwards
  • Any of the above followed or prepended by a single digit

Things to Avoid -

        1.Don't use a password that is listed as an example of how to pick a good password.
        2.Don't use a password that contains personal information (name, birth date, etc.)
        3.Don't use words or acronyms that can be found in a dictionary.
        4.Don't use keyboard patterns (asdf) or sequential numbers (1234).
        5.Don't make your password all numbers, uppercase letters or lowercase letters.
        6.Don't use repeating characters (aa11).

Good passwords have -

  • Have both upper and lower case letters .
  • Have digits and/or punctuation characters as well as letters .
  • Are easy to remember, so they do not have to be written down .
  • Include phonetic replacements such as iluvwindoos instead of ilovewindows.
  • Are seven or eight characters long .
  • Can be typed quickly, so someone else cannot look over your shoulder .

Advanced Password Strategies -

Changing passwords -- some people say that changing your password every 30 days is a good rule-of-thumb, and you should never go longer than 90 days before picking a new password. Other's disagree3. The longer you wait before changing passwords, the more difficult it will be to get used to the new one. Whatever you do, do not reuse any previous password you have used and do not write a password on a sticky piece of paper and put it near your computer. Also, please note that if someone cracks your GPG, PGP or SSH private key file password and makes a copy of your key ring, then you can change your GPG password all you want and they'll still be able to decrypt their copy of your key ring with the old password. So in the case of GPG, you should set your public key to expire and change your public key (I set mine to change every year) in addition to changing your password.

That’s it !


04 May 2011

How to Hack a Computer Or Website Using MetaSploit?


metasploit-logoMetasploit is one of the greatest Hacking tools ever. It makes the hacking easy for the Script Kiddies (new hackers).The Metasploit Project is an open-source computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development. But Question comes How to use it to hack a computer?

What are the Metasploit Framework and the Metasploit Project ?

The Metasploit® Framework is a free, open source penetration testing solution developed by the open source community and Rapid7. It is the de-facto standard for penetration testing with more than one million unique downloads per year and the world’s largest, public database of quality assured exploits.

The term Metasploit Project encompasses the Metasploit Framework, the world’s leading penetration testing tool, and the community that fuels it. It is an open source project that provides penetration testing software, information on security vulnerabilities, and enables exploit code and IDS signature development.

The Metasploit Framework, developed in Ruby with some C and assembler components, is the actual development platform used to create security test tools and exploit modules and can also be used as a penetration testing system. It is an extremely powerful command-line tool that has released some of the most sophisticated exploits to public security vulnerabilities. It’s also known for its anti-forensic and evasion tools, which are built into the Metasploit Framework.

Who is Metasploit Framework for ?

If you’re running or responsible for any type of IT system that hackers or cyber criminals may want to break into, deface, or bring down for business or pleasure, Metasploit Framework is for you. The tool enables you to carry out penetration tests (often called “pentests”) on your own systems. This means you’re attacking your own systems in the same way a hacker would to identify security holes. Of course, you do this without actually harming the network.

Metasploit Framework comes in command-line as well as GUI version. This article will deal with the command-line version. Followings are the basic commands of Metasploit that you should Learn by Heart.

1: help (show the commands.)

2: show info XXXX (to show the information on specified XXXX value, that is can be exploit or payload)

3: show options ( to show the options for a exploit and payload. Like RHOST, LHOST)

4: show exploits/payloads (to get a list of exploits/payloads)

5: use XXXX (to select the name of the exploit.)

6: set XXXX (to set the value of RHOST, LHOST or payload)

7: exploit (to launch a exploit on targeted machine.)

Note: -To hack a computer using Metasploit first you should have the enough information of the target ­­including-

1: IP address

2: Open Ports

3: services running

4: Version of software running

All of these need a little work. A famous tool to do all of these is NMAP on which I have written some articles.

Now the first step is choosing a right exploit for the vulnerabilities in the machine. To determine the exploit for the attack you need all the things noted above. For example the computer is running a SMTP server on Port 25 and there is a exploit on it than you hack that computer.

To choose an exploit following command is there:

Use [exploits address . e.g. Exploit/windows/smtp/xxx. ]

Now you need a payload (payload is a piece of program that will be executed if vulnerability is exploited). To get a list of all the payloads available for the exploit Just type following command.

Show payloads

Now choose an appropriate a payload from it. The only thing left is to set the fields for the attack. List of Most Probable fields to be set is given bellow.

RHOST = The IP address of the computer to be attacked.

RPORT = The Port of the service to exploited (it set by default)

LHOST = The IP address of your computer (it set by default)

LPORT = The default port of your Metasploit program (it set by default)

Now the Last step is to type the following command and Launch attack to the computer.

exploit

After typing this command the attack will be launched and if vulnerability is successfully exploited the payload will be executed and a shell (you can take it as command prompt) will be launched which will allow you to do anything with the computer that you have attacked.

Download Metasploit Framework


 

Recent Posts

Review this blog on Bloggers.com

Recent Comments

| KrackoWorld (KoW) © 2014. All Rights Reserved | Style By All Web Designing | | Contact |