Wish you a very Happy New Year 2012

Thanks for all your support and reading. Good luck to all.

-Saba

The 101 Most Useful Websites - Interesting - free :)



The sites mentioned here, well most of them, solve at least one problem really well and they all have simple web addresses (URLs) that you can easily learn by heart thus saving you a trip to Google.




01. screenr.com – record movies of your desktop and send them straight to YouTube.
02. bounceapp.com – for capturing full length screenshots of web pages.
03. goo.gl – shorten long URLs and convert URLs into QR codes.
04. untiny.me – find the original URL that's hiding behind a short URL.
05. qClock – find the local time of a city using a Google Map.
06. copypastecharacter.com – copy special characters that aren't on your keyboard.
07. postpost.com – a better search engine for Twitter.
08. lovelycharts.com – create flowcharts, network diagrams, sitemaps, etc.
09. iconfinder.com – the best place to find icons of all sizes.

Open Source for Windows! - Huge List



Credit:- http://osswin.sourceforge.net/

Audio editing tools

Advanced IP Scanner 2.2: beta-testing now open




Advanced IP Scanner 2.2 is the beta version of a free, fast and easy-to-use network scanner for Windows. In a matter of seconds, this utility finds all the computers on any network and provides easy access to their various resources, whether HTTP, HTTPS, FTP or shared folders. Among the latest improvements made to Advanced IP Scanner 2.2 are the following:
  • A "Manufacturer" column, containing information about the network card manufacturer for each computer located has been added to the scan results table;
  • A new function has been added for printing the scan results, along with a print preview facility;
  • The option to carry out an automatic check for new versions of the program has been added;
  • The user interface has been improved.
This beta release is being made available so that users can test and evaluate the next version of Advanced IP Scanner 2.2. Whether you are a regular user of Advanced IP Scanner or new to the product, this is a great opportunity to help us make the next release the best ever. In order to take part in beta-testing, users are encouraged to download the software, check that it is compatible with the operating system installed on their computer, familiarize themselves with the product, and report any bugs, issues and suggestions as to how to improve it. Each tester who finds a critical bug and sends in a suggestion about improving the program will receive a free Radmin license.
For a free download of Advanced IP Scanner 2.2, beta version, and to find out more about beta testing, please visit: www.radmin.com/products/beta.php.


Source

Top ten free Anonymous surfing sites

Anonymous surfing sites are sites through which you can view any site anonymously, including blocked websites. You can also hide your IP address by using these sites. You can browse websites that are blocked in a specific country, school, office, etc. by entering the blocked site in these free anonymous surfing sites. These sites use proxies which hide your IP address, so a site cannot track your information and you stay hidden from it. All the sites below contain no pop-up ads and are fast and free.

Google Images :- Search by Image




Now the question: how is it useful?

You can use this search for social engineering, along with a person's pics.
You can find fake profiles on any social networking site.

Want to try? An interesting one would be... upload your own pic and see where else it has been used ;)


Saba


Good Network Scanner - Freeware -- Windows




Key features

  • Pings computers and displays those alive.
  • Detects hardware MAC-addresses, even across routers.
  • Detects hidden shared folders and writable ones.
  • Detects your internal and external IP addresses.

XSSer Penetration Testing Tool 1.6-1 -----Open Source




XSSer is an open source penetration testing tool that automates the process of detecting and exploiting XSS injections against different applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.

Download




Saba

Vega Web Security Scanner 1.0 Beta Windows / Linux




Vega is a GUI-based, multi-platform, free and open source web security scanner that can be used to find instances of SQL injection, cross-site scripting (XSS), and other vulnerabilities in your web applications. Vega also includes an intercepting proxy for interactive web application debugging. Vega attack modules are written in JavaScript; users can easily modify them or write their own.

Download


Saba

National Level Ethical Hacking Contest - 2012 - Sign up now...




What you need to do?
1. Form a team (max five members from your college)
2. Approach a faculty/mentor and request him/her to mentor your team
3. Register online at http://inctf.in
In addition, it’s been decided that teams which finished in the top 10 places in InCTF 2011 qualify directly for the second round; they do not have to participate in the first round. Congratulations to all these teams!
Great Rewards
25K The winning team receives a cash prize of up to Rs. 25000/-
20K The first runner-up team receives a cash prize of up to Rs. 20000/-
15K The second runner-up team receives a cash prize of up to Rs. 15000/-
10K The third runner-up team receives a cash prize of up to Rs. 10000/-
5K The fourth runner-up team receives a cash prize of up to Rs. 5000/-

See http://inctf.in/prizes for more.

Special Prizes*

  • Teams are awarded prizes based on their performance
  • Deserving teams are well awarded. Exciting prizes to be won.
So, what are you waiting for? It’s simple: Register, Learn, Hack! See you in InCTF ’12


For more info: http://inctf.in

Unable to delete the file? here is the trick..


Unable to delete the file?


Here is the trick for deleting these kinds of files.
Here are the steps.

SEND SELF-DESTRUCTING EMAILS... Interesting one.



What is KickNotes?

KickNotes is a completely free service used to send and receive self-destructing online messages.

http://www.kicknotes.com/aboutkn.htm

Use KickNotes to send:

Sensitive Messages
Personal Contact Info
Announcements
Invitations
Temporary Advertising
"Work Unsafe" Links or Images

Use KickNotes on:

Work Computers
Family Computers
Shared Computers
Public Computers

Sql injection Using Havij - Video

You like a Blog ... Convert it into E- book --- Free.


Website name: Book Smith
Supports: Blogger and WordPress
Use your Gmail login to get the full content of blogs; you may also continue with partial content.

Why should I use this conversion?
1) You may like the blog but not have time to read all of its articles in one sitting.
2) The e-book lets you read the blog articles offline. Cool, huh?


Or


Just convert a web page to PDF...


use this...


http://pdfmyurl.com/


Saba

The SAMHAIN file integrity / host-based intrusion detection system



The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes.
Samhain has been designed to monitor multiple hosts with potentially different operating systems, providing centralized logging and maintenance, although it can also be used as a standalone application on a single host.
Samhain is an open-source multiplatform application for POSIX systems (Unix, Linux, Cygwin/Windows).

PHP Vulnerability Hunter v.1.1.4.6 - Automated fuzz testing tool

PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool.  

 This is the application that detected almost all of the web application vulnerabilities listed on the advisories page. PHP Vulnerability Hunter is an advanced automated whitebox fuzz testing tool capable of triggering a wide range of exploitable faults in PHP web applications. Minimal configuration is necessary to begin a scan; PHP Vulnerability Hunter doesn’t even need a user specified starting URI. 

For More http://www.autosectools.com/PHP-Vulnerability-Scanner



Download


Source

Ncrack – High Speed Network Authentication Cracking Tool


Introduction

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.
Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more. Protocols supported include RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet.

Are you a Hacker/Cracker -Test your Hacking skills - Live

Below are the websites where you can learn and hack like hackers.


1) http://hackforums.net/ - Hacking and marketplace
2) http://evilzone.org/ - Hacking and warez
3) http://hackaday.com/
4) http://www.hitb.org/
5) http://www.hackthissite.org/ - Best site :)

Source
Credit

Step wise :-phUploader Remote File Upload Vulnerability


This is purely for educational purpose



Step:1
www.google.com 
Step:2
intitle:Powered By phUploader  ( paste this and search for Vulnerable site)
Step:3
A vulnerable site will have a path ending with upload.php
Ex: http://sitename/path/upload.php
Ex: http://sitename/upload.php

Uniscan 5.2 : Information Security vulnerability Scanner


The Uniscan vulnerability scanner is an information security tool that aims at finding vulnerabilities in Web systems. Uniscan was developed in the Perl programming language because Perl makes it easier to work with text, has easy-to-use regular expressions, and is also multi-threaded.

nmapsi4 0.3 beta1 released.




NmapSI4

NmapSI4 is a complete Qt4-based GUI whose design goal is to provide a complete nmap interface for users, in order to manage all the options of this powerful security network scanner and to search for service vulnerabilities.
  • Traceroute support with nmap.
  • Lookup support with internal tool or dig.
  • Vulnerabilities search support (new functionality done 0.3~git).

Facebook spam attack results in graphic images for some users

Facebook said a deliberate spam attack was behind a flood of graphic images that some users had reported seeing in their news feeds.
The issue, which first surfaced last week, had largely been resolved by late Tuesday, said Frederic Wolens, a spokesman at the company. Mr. Wolens said the attack lured users into copying and pasting a Web address into their browser with the promise of showing them a neat video or telling them who was viewing the profile. Instead, that Web site installed malicious software that began filling their news feeds with violent and pornographic images without their knowledge.
Read More

Two Lakh FB accounts from Bangalore Hacked - 15th nov 2011

 
Bangalore:  Over two lakh city Facebook users woke up to a social media embarrassment yesterday morning as their accounts had been hacked and weblinks to their morphed pornographic pictures sent as feeds to friends and family.



Another FB news item from Nov 15th, 2011

Basic requirements to be an Ethical Hacker.


< To learn ethical hacking, an aspirant should have a long-term goal, discipline and, more importantly, ethics. The aim and objective of ethical hacking is defense, not offense. >


Ethical hackers need hands-on security skills. Although you do not have to be an expert in everything, you should have an area of expertise. Security tests are typically performed by teams of individuals, where each individual typically has a core area of expertise. These skills include:

Routers —
Knowledge of routers, routing protocols, and access control lists (ACLs).
Microsoft —
Skills in the operation, configuration, and management of Microsoft-based systems. These can run the gamut from Windows NT to Windows 2003.
Linux —
A good understanding of the Linux/UNIX OS. This includes security settings, configuration, and services such as Apache. These individuals may be Red Hat or Linux+ certified.
Firewalls —
Knowledge of firewall configuration and the operation of intrusion detection systems (IDS) and intrusion prevention systems (IPS) can be helpful when performing a security test.
Network protocols —
Most modern networks are Transmission Control Protocol/ Internet Protocol (TCP/IP), although you might still find the occasional network that uses Novell or Apple routing information. Someone with good knowledge of networking protocols, as well as how these protocols function and can be manipulated, can play a key role in the team.

Credit 

Types of Hackers


Hackers are divided into three categories :

1) white hat hackers
2) black hat hackers
3) gray hat hackers

White hat hackers :


They are generally security professionals. In computer slang, a white hat hacker is an ethical hacker, a penetration or vulnerability tester, or a security expert.

White hat hackers are computer security experts who specialize in penetration testing and other testing methodologies to ensure security. A white hat hacker uses computer security tools, hacker tools and tactics to find or identify exploits or vulnerabilities, and works for security.

Basically, white hat hackers use hacking techniques and skills in an ethical manner, i.e. for defensive purposes.


Black hat hackers :


Compared to white hat hackers, black hat hackers are the villains or bad guys. As the name suggests, black hat hackers use hacking techniques for their own profit, whether by stealing information or money through unauthorized access or by destroying vital data. In other words, they intend to cause problems for their subjects or targets.

They break the law and exploit vulnerabilities; in other words, they violate system integrity with malicious intent.
 



Gray Hat hackers :

These hackers generally hack to learn. They are a combination of both, i.e. white hat hackers and black hat hackers. Gray hat hackers may work for offensive or defensive purposes, depending on the situation and their choice.

There are self-proclaimed ethical hackers who are interested in gaining knowledge mostly out of curiosity. Most people fall into this category.



Ethical hackers are up against several individuals in the battle to secure the network. The following list presents some of the more commonly used terms for these attackers:

Phreakers —
The original hackers. These individuals hacked telecommunication and PBX systems to explore the capabilities and make free phone calls. Their activities include physical theft, stolen calling cards, access to telecommunication services, reprogramming of telecommunications equipment, and compromising userids and passwords to gain unauthorized use of facilities, such as phone systems and voice mail.
Script/Click Kiddies —
A term used to describe often younger attackers who use widely available freeware vulnerability assessment tools and hacking tools that are designed for attacking purposes only. These attackers typically do not have any programming or hacking skills and, given the techniques used by most of these tools, can be defended against with the proper security controls and risk mitigation strategies.
Disgruntled Employee —
Employees who have lost respect and integrity for the employer. These individuals might or might not have more skills than the script kiddie. Many times, their rage and anger blind them. They rank as a potentially high risk because they have insider status, especially if access rights and privileges were provided or managed by the individual.
Whackers —
Whackers are typically newbies who focus their limited skills and abilities on attacking wireless LANs and WANs.
Software Cracker/Hacker —
Individuals who have skills in reverse engineering software programs and, in particular, licensing registration keys used by software vendors when installing software onto workstations or servers. Although many individuals are eager to partake of their services, anyone who downloads programs with cracked registration keys is breaking the law and can be at greater potential risk, subject to malicious code and malicious software threats that might have been injected into the code.
Cyber-Terrorists/Cyber-Criminals
An increasing category of threat that can be used to describe individuals or groups of individuals who are typically funded to conduct clandestine or espionage activities on governments, corporations, and individuals in an unlawful manner. These individuals are typically engaged in sponsored acts of defacement; DoS/DDoS attacks; identity theft; financial theft; or worse, compromising critical infrastructures in countries, such as nuclear power plants, electric plants, water plants, and so on.
System Cracker/Hacker —
Elite hackers who have specific expertise in attacking vulnerabilities of systems and networks by targeting operating systems. These individuals get the most attention and media coverage because of the globally affected viruses, worms, and Trojans that are created by System Crackers/Hackers. System Crackers/Hackers perform interactive probing activities to exploit security defects and security flaws in network operating systems and protocols.
Now that you have an idea who the legitimate security professionals are up against, let’s briefly discuss some of the better known crackers and hackers.


Source

Credit

What is Ethical Hacking and why is it ?


I know Ethical Hacking (ET) is much more about applied training than reading definitions. But what to do, friends: when we decided to start from A to Z, we have to cover this topic as well.


You can disregard this topic if you are aware of it. This article is targeted to newbies ONLY. 

 What is Ethical Hacking and why is it ?

Content and Index of the e-Learning - Ethical Hacking.

Chapter 1


Introduction  

  1. What is Ethical Hacking and why is it? (Click the link to read)
  2. Types of Hackers
  3. Basic requirements to be an Ethical Hacker.
Basic Network
  1. TCP/IP
  2. IP Address 
  3. SSH and Putty

 I will start posting topic by topic ASAP.

Thank you for reading
Saba

Hacking Basics.

Hi All,
After I started this blog, many FB/gtalk users started posting/emailing strange requests to me.


I am writing down a few of the noteworthy/foolish questions here.


1) I want hack FB account
2) I am new to Security domain( user used hacking instead of security domain) and want to learn HACKING.

How to create Number trick on facebook



1) Click on your profile.
2) Copy the number in the URL (only the number).
3) Replace xxxxxxxxxxx in @[xxxxxxxxxxx:0] with the URL ID number.
How to create a quotation with the number trick?

1) Create a page under your FB page.
2) Add a title to the page with your favorite quote (e.g. Do before ask, learn before you do - Saba).
3) Now you can see that the URL of the page has a unique ID.
4) Copy the URL ID and replace xxxxxxxxxxx in @[xxxxxxxxxxx:0] with it.

This is a simple trick :) enjoy

Tor Browser Bundle -browse Anonymously

 

Tor Browser Bundle


The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from

HOWTO : Blind SQL Injection _ Videos


Credit to : KFProdigy

This is KFProdigy's work, not mine. I am re-posting it for educational purposes only.



SQL Injection: What is it?


SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications, allowing hackers to inject SQL commands into, say, a login form to gain access to the data held within your database.
In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.
SQL Injection: An In-depth Explanation

Web applications allow legitimate website visitors to submit and

Wireshark v1.7.0 Released

Wireshark is the world's foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.

Source

Download

SQL Injection -Basics

I found this article @ Source 
I thought this is a MUST-read article for aspirants who are looking for SQL injection basics.
Credit goes to the author: Source


< Disclaimer:-  This tutorial is purely for educational purpose>
What is SQL Injection?
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application (like queries). The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.



Step 1: Choose Your Target

John the Ripper -a fast password cracker

John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.




John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance.

Proceed to John the Ripper Pro homepage for your OS:
Download one of the latest official free versions (release notes):

Download the latest community-enhanced version (release notes):

 Source :- http://www.openwall.com/john/

Useful - Hack tools

http://www.beenuarora.com/work.html

I have not tried them yet ;)

Saba

Facebook Number trick Half-Explained

An interesting post is going around on Facebook these days.

Paste @[134282353283788:0]
in a status or comment and you will get: Life is too short smile while you still have teeth


This number (134282353283788) is the page's unique number (click on the above link), and it picks up the title of the page.
You can also create your own link.

Here is one .
@[169551793136994:] This is my page title.
@[100003140491969:] This is My FB name

Copy .. paste  and check out.


Frankly, I am still working on the syntax @ and :0; I will post an update.
If somebody knows how it works, please post it in the comments.
=================================================================================================
Here you go... @ is used for tagging friends: whenever you type @ in comments and status, you get a drop-down list where you can select a friend/group/page. Here in this trick, we are using @ and the number (unique ID) of the page/friend/etc. Still working on the syntax [ ]:0, will update you...
==================================================================





Saba


Facebook Trick

1. Copy the below lines :

@[134282353283788:0]

2. Put on the comment line/Status
...

4. Enter

try it ...... :P

TCPEye Network Monitoring

Description

TCPEye V1.0 is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer.
For each port in the list, information about the process that opened the port is also displayed, including:
  • the process name,
  • the full path of the process,
  • version information of the process (product name, file description, and so on),
  • the time that the process was created,
  • the user that created it,
  • Country Name + Flag.
In addition, TCPEye allows you to close unwanted TCP connections, kill the process that opened the ports, and save the TCP/UDP port information to an HTML file, an XML file, or a tab-delimited text file.
TCPEye also automatically marks in pink suspicious TCP/UDP ports owned by unidentified applications (applications without version information and icons).
Compatible with Windows XP/Vista/7/Server 2003/2008.

source