Showing posts with label Computer Hacks. Show all posts
Showing posts with label Computer Hacks. Show all posts

Burp Suite


Burp Suite is an integrated platform for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Burp gives you full control, letting you combine advanced manual techniques with state-of-the-art automation, to make your work faster, more effective, and more fun.
Burp Suite contains the following key components:
  • An intercepting proxy, which lets you inspect and modify traffic between your browser and the target application.
  • An application-aware spider, for crawling content and functionality.
  • An advanced web application scanner, for automating the detection of numerous types of vulnerability.
  • An intruder tool, for performing powerful customized attacks to find and exploit unusual vulnerabilities.
  • A repeater tool, for manipulating and resending individual requests.
  • A sequencer tool, for testing the randomness of session tokens.
  • The ability to save your work and resume working later.
  • Extensibility, allowing you to easily write your own plugins, to perform complex and highly customized tasks within Burp.
Burp is easy to use and intuitive, allowing new users to begin working right away. Burp is also highly configurable, and contains numerous powerful features to assist the most experienced testers with their work.
Download link: Burp Suite
No comments:
Labels:

Cain & Abel

Cain & Abel is a nifty program that deals with recovering lost passwords using the most powerful and tough decryption algorithms. It is capable to quickly and efficiently retrieve Outlook and network passwords and to display passwords underneath asterisks.

Most encrypted passwords are breakable using this program via Dictionary, Brute-Force and Cryptanalysis attacks. Decrypting scrambled passwords or wireless network keys is not a challenge either. Besides the ability to record VoIP conversations, the application also features the possibility to analyze route protocols. 
Cain & Abel is made of two major components: the first one, Cain, is the frontend application that recovers passwords and the password sniffing part; the second one, Abel, is a Windows NT service that requires to be installed (locally or remotely) and has the role of scrambling the traffic inside the network, for additional protection.
The program doesn’t seek to impress through looks, which is why the user interface may seem a little unpolished. At a closer look, it sports an organized and easy to explore panel, while the additional menus encompass a wide range of tools. These include a Route Table utility, a Base64 and Cisco Password Decoder, a hash calculator, a RSA SecurID Token Calculator, to name a few.
Cain & Abel’s interface is divided into several sections, the first of which deals with decoding passwords (for Internet Explorer,Windows Mail, Dialup Passwords, as well as others). Other panels include a Sniffer (detects and retains passwords), a Trace Route Utility and a Wireless Scanner (identifies wireless networks and provides details on MAC addresses).
Bottom line is that you can’t go wrong with Cain & Abel’s decoding algorithms. It’s witty enough to recover the strongest passwords stored on your computer and features a bunch of other hash and decryption utilities that recommend it.

 Download link : Cain&Abel
No comments:
Labels:

SPOOFING...!!!

Spoofing is simply changing the original data with the fake one. Spoofing can be done in different area.


1) IP spoofing

2) web page or URL spoofing

3) Mail ID spoofing

4) MAC address spoofing


IP spoofing is done simply by changing the original ip address with a fake IP using many softwares.
This is mainly done when the attacker need to listen to the packets flowing between two users in the network, simply known as 'MAN IN THE MIDDLE' attack. Here the attacker interpret as a legitimate user and gets his data from the responder.


URL spoofing is other wise well know as 'PHISHING'. Here the attacker give little more effect to get his data from the victim. The attacker need to design a webpage which looks and feels similar to the original web page, this can be done as simple as in few mits just by grabbing the source code. now they just need to edit the source code to change the destination link and the database link. Then they will be hosting their page in different server even for free. Always when you click a link plz look at the address bar and also at the loading bar which is the left bottom corner of the browser if you find a different web page name rather than the registered website please don't submit your data in it. This phishing attack is mail done for the online banking website and also for the mail providers website.


Mail ID spoofing is another commonly used and easy way to do again this can be done with many sofware which is of free of cost and also, If a site has configured the mail server to allow connections to the SMTP port, anyone can connect to the SMTP port of a site and (in accordance with that protocol) issue commands that will send email that appears to be from the address of the individual's choice; this can be a valid email address or a fictitious address that is correctly formatted.

Most common mail which every one would had at least received once is " congratulation you have won 10000000 USD DOLLER" which is one type of spamming but still those people use the spoofed ID to claim them self as the legitimate company .
To check this, if your gmail user go to tha mail look for a down arrow mark near to reply and look for ' SHOW ORIGINAL' it actually shows the message ID, authentication detail, domain name of the SMTP server and other detail about the user. If you study a bit about the header file we can come to a conclusion. This is bit hard to non tech people but still it's a method to find out.
ADVICE: Never reply to an unfamiliar mails. No one is going to give money for doing nothing, so please ignore those.


MAC address spoofing, yes believe me it is possible. Few people say that we can't change the physical address of the NIC i.e MAC address, but it's wrong.
In Microsoft's OS it is possible simply by changing the value of the network driver in the registry file.
How to do it in XP ??

a) Go to Start -> Run, type "regedt32" to start registry editor. Do not use "Regedit".


b) Go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}". Double click on it to expand the tree. The subkeys are 4-digit numbers, which represent particular network adapters. You should see it starts with 0000, then 0001, 0002, 0003 and so on.


c) Find the interface you want by searching for the proper "DriverDesc" key.


d) Edit, or add, the string key "NetworkAddress" (has the data type "REG_SZ") to contain the new MAC address.


e) Disable then re-enable the network interface that you changed (or reboot the system).
or
simply use some tool to do those. Google it and also let me know.


In LINUX

It's only a three step process

a) Bring your interface down= ifconfig eth0 down

b) Enter new mac address= ifconfig eth0 hw ether (00:00:00:11:11:11:11) or any

c) Bring back the interface = ifconfig etho up


About MAC OS

Under Mac OS X, the MAC address can be altered in a fashion similar to the Linux and FreeBSD methods:
   sudo ifconfig en0 lladdr 00:01:02:03:04:05
or
   sudo ifconfig en0 ether 00:01:02:03:04:05 
No comments:
Labels:

How to boot any OS from your USB


People want use different OS in PC or laptop ?? Here is a easy way to boot OS from USB.


Things you need
* A USB with free capacity of 4 GB or more.
* Any OS setup CD or setup file.
* PC running with windows and command prompt.

OK now let me give you the steps you need to follow.
1) Type cmd in run.

CMD->diskpart
Diskpart> list disk

select the usb disk name
then type following in diskpart>

diskpart> select [name of the disk wanted to erase(Disk 0 or Disk 1 what ever)so the command will look like "select disk1"]

clean
create partition primary
select partition 1
active
format fs=fat32
assign
exit

Now steps to copy the OS from the setup CD to the USB.

If you need to copy the file from cdrom to ur USB type this in command prompt

xcopy (your cd drive name :\to the usb drive name:/s/e/f)
example: xcopy g:\f:\ /s/e/f

Then u need to go to boot menu and choose include "removable device" for booting at start up.

YOU can also format the usb with other software but this way is to use your command prompt.

This way you doesn't need to install in the primary hard disk.
No comments:
Labels:
Subscribe to: Posts (Atom)