Thursday, March 31, 2011

How to hack a website/web server - 3 step guide.



I get a lot of mail from people who ask me two questions very frequently. The first is "abhinav can you hack facebook, gmail, orkut etc" and the second is "how can i hack a website".
The first question is largely irrelevant, as there are no defined techniques to hack such secure sites. You can only compromise someone's account by getting the victim to make a mistake, such as entering information into a phishing page.
The second question is very relevant and is a wide field of study. Hacking websites and online servers is a hot thing to study, but it requires extensive knowledge of various terminologies related to networking.
One thing that forms the basis of hacking is that there are no pre-defined techniques to hack anything. Every piece of software, application and server has different techniques to hack it. So we cannot say that there is a sure-shot technique to hack all websites. It depends entirely on the technology and platform on which the website is based.
But there are some basic steps that every hacker follows to hack any particular website or server.
These steps form the basics of web hacking. They involve the use of some popular free tools available for download on the internet. I have divided the entire process into 3 different steps.

Step 1 - Gaining information 

This is the beginning step, where you collect various information about the website or the server host. The information includes the IP address, banner grabbing to identify some of the services running on it, the location of the server, other domain addresses linked to it, etc. This process is also termed reconnaissance.


Step 2 - Enumeration and scanning for vulnerabilities  

What is enumeration? If acquisition and non-intrusive probing have not turned up any results, then an attacker will next turn to identifying valid user accounts or poorly protected resource shares.
This step involves finding out the various services that are running on the server and the open ports. Lots of tools are available to perform this step, but the best among them is NMAP.


Step 3 - Gaining access to the server/remote host

This is the final step, in which we exploit the running services that we found in step 2 to gain access to the server or remote host. Running exploits requires a good knowledge of shell scripting. Once you have found out the various services running on the server, you can search for available flaws in them and exploit them to gain access to the server.


DARKLORD!!

Step 3 - Gaining access to the server/remote host through vulnerabilities.


This step involves gaining hidden access to the remote system by exploiting the vulnerabilities present in the various services of the host.
To gain access using the vulnerabilities found, you can use METASPLOIT. This is a popular exploit scanner and execution tool.
Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The tools and information on this site are provided for legal security research and testing purposes only. Metasploit is an open source project managed by Rapid7.
To know more about Metasploit you can view the following flash tutorial by "Metasploit at iron geek".
Metasploit can be downloaded from the following link.
There’s a presentation by HD Moore himself at CanSecWest 2006: csw06-moore.pdf. And a couple of videos spawned from that here: Computer defense – TASK Presentation


Step 2 - Enumeration and scanning for vulnerabilities



This is the next step in hacking a website or a web server. This step involves gathering information about the web host that can be used to find loopholes or errors in the services running on the server.
To find out what services are running on the particular web server and which ports are open on it, we use a very popular tool called NMAP. You can download NMAP from the following link.

This tool will scan the server and will give you information about all the services running along with the version of the services.
The next step involves scanning for vulnerabilities.
I personally recommend the NESSUS security scanner. It is the best tool available to search for exploits in particular types of services. This will help you find the various security flaws present in the particular type of service running on the web host.
These tools will scan all open ports, regardless of common and default settings. This will confirm listening services and check those against a database of exploitable services, to see if you are running any services that are misconfigured or vulnerable to exploits.
To learn more about NESSUS you can visit this link.

If acquisition and non-intrusive probing have not turned up any results, then an attacker will next turn to identifying valid user accounts or poorly protected resource shares.
Enumeration involves active connections to systems and directed queries.





Step 1 - Gaining information


This is the most basic step, which deals with gaining information about the particular website/server.
One can manually gain information through popular techniques like banner grabbing.
You can do a manual information check on the target server. This is known as reconnaissance.
Active reconnaissance involves probing the network to detect accessible hosts, open ports, the location of routers, etc. You can find all available IP addresses so that you can perform the next scanning phase.

Monday, March 28, 2011

3 reasons to like the new facebook image viewer.



There is always a big question in my mind: why are big platforms so keen to keep changing their interface every now and then, even when it is good enough? Maybe to show their users that they are on their toes to provide the best facilities, or something else.
Facebook is one of those that keeps changing its platform features into something that receives waves of criticism and appreciation. This time the new image viewer of Facebook has been targeted by people and technology experts around the globe.
Tom Grieg wrote on TechCrunch about why people dislike the Facebook image viewer so much. That was an interesting article, but I believe that Mr Grieg did not notice the technical aspects of the feature brought by Facebook. He was more inclined towards user reviews.
There are many Facebook groups like "i hate the new facebook image viewer", "facebook should remove the new image viewer", etc.
If you are also against the new image viewer, then the good news is that you can easily switch back to the old image viewer whenever you want.
Here is how you do it: click on the picture you want to view. Once the image has loaded completely, you can press F5 and return to the old viewer.
Now the crux of this post is that the new image viewer in fact has some great significance. Facebook is such a popular platform that every minute thousands of photos are uploaded by its users. The major problem that arises when viewing an image is how fast it loads. Here I will put forward 3 reasons why you should give a second thought to your belief that the new image viewer is crap.

Reason 1 : Faster loading
The biggest motive for building this new viewer was faster loading of images. Many times viewing images from the news feed was cumbersome, as it took a longer time to load a new PHP script with a fresh page to load the image. This problem was sorted out by immediately loading a JavaScript that manages the image viewing and has no relation to the current page you are working on. This has greatly enhanced the speed, as the time taken to load a new page is reduced.

Reason 2 : Enhanced functionality with larger screen view of images
If you have not yet noticed, then give the new viewer another look. The ads that Facebook shows on the right side are not there when we are using the image viewer. This provides a wider screen view of images. There are also various shortcut keys for better navigation of images in albums. The look gives the complete feel of viewing the image in image viewing software.
There is a reason why Facebook chose a black background for their image viewer.
Here is what Facebook developers have said about it - "First, photos felt much more vibrant on black and really stood out more against the background. Second, without the ads in the right column, the image was free to take up extra space, allowing for a photo to span the full width of the page. Lastly, we decided that although the images looked good on black, the caption and comments were difficult to read, so we moved to a two-tone layout with the ability of fitting larger-sized images."


Reason 3 : Scalable according to the size of the browser window.
It might sound simple, but in my opinion it is not easy to build something that can quickly scale itself according to window size without losing much of its resolution. Try this out: when you have loaded an image, restore down your browser window. Then you will get a clear feel of what I want to say.
Look at the following snapshots.


The first image is in a full browser window and the second is in a restored-down window. Still, the scalability of the image has been maintained to a large extent.
The image viewer is really cool, but there is one thing that has always been the tag on new things that Facebook brings, and that is "Facebook simply copies from others". To a large extent this is also true. If you look at its new features like places, photo tagging, etc., all have been more or less the same thing that has been made before, but Facebook simply copied it and gave it its own name. This time I leave it to you to work out where Facebook might have got a hint for building such an image viewer.
Hint: the biggest rival of Facebook.

DARKLORD!!

Sunday, March 27, 2011

What the 'F' about "OPEN" ?




Open. Open. Open. Open. Open. Open. Open. Closed.

I’ve never liked Google’s use of the word “open” to describe the Android operating system. On one hand, the “openness” has led to situations where carriers can more easily screw consumers. On the other hand, their system is really only “open” when it’s convenient to be. Wanna include Google’s services on your Android device? Sure, sign this partnership agreement. Wanna check in code for Android? Do you work at Google? No. Well then you’ll have to wait. Open.

But still, every chance they get, we hear from Google how open Android is, as if it’s the perfect answer to every question. How are you going to compete with Apple? Open. How are you going to keep the carriers in check? Open. How are you going to make money from Android? Open. Why is the Android experience sub-par? Open.

And then there’s the news that broke this week. Google, of “open” fame, is delaying the release of the source code for the latest version of Android, Honeycomb, Bloomberg BusinessWeek first reported. Why? So they can work on it and refine it. Behind closed doors. Open.

First of all, the fact that code has to be released at all says just about all you need to know about Google’s “open” claim. Facebook developer Joe Hewitt (formerly of Mozilla — an actual proponent of open) ripped Google a new one for this and other bastardizations of the word “open” last year.

His point wasn’t that Google’s model for Android is bad — it’s simply that the use of the term “open” is FS. And this latest development further emphasizes that. The real value of “open” to Google is as a marketing term.

Is Android more “open” than iOS is? Yes. But the way Google has been throwing around the word is in absolute terms. It has been “open” (them) versus “closed” (Apple). That’s simply not true. And in that context, being “more” open is like being “kind of” pregnant.

That’s not to say there aren’t benefits of being more open — there absolutely are. But as Google will have to admit now, there are also clearly benefits to being more closed as well. As is the case with nearly everything, the situation is not so black and white.

So how long will Android be closed for? That’s not clear. Bloomberg cites Google as saying “at least for the foreseeable future” — which sounds sort of promising. But later in the article they note: “The delay will probably be several months.” Ugh.

It’s important to note that this won’t have an impact on some of the Android Honeycomb tablets already in the pipeline. Obviously, the first of those, the Xoom, is already out there in the wild. And more are coming shortly. But these will only be from Google partners, the big guys like HTC, Samsung, and Motorola. Anyone else hoping to tinker with Honeycomb and build their own tablets will have to wait. Again, likely for months.

In announcing the delays, Google is also admitting that they took a “shortcut” as Android lead Andy Rubin puts it. “We didn’t want to think about what it would take for the same software to run on phones. It would have required a lot of additional resources and extended our schedule beyond what we thought was reasonable,” he tells Bloomberg.

Why such a tight schedule? Well it’s never specifically mentioned, but you should be able to put two and two together — “two” being the keyword: iPad 2. Google clearly wanted to get the first Honeycomb tablet out before the iPad 2 came along and took over the tablet party once again.

So was it worth the rush? If you read the initial reviews or talk to people who have used the Xoom extensively (like Jason), the answer is pretty clearly “no”. And given the backlash Google is now facing over the closing of their “open” platform, the answer is even more clearly “no”.

But again, this is actually the right thing to do. If Google doesn’t lock down the Android source code and refine it, the end result is likely to be pretty messy. It would lead to a bunch of products that range from mediocre to bad to awful. And if Google really hopes for Android to compete with the iPad, they can’t have that.

I just hope we aren’t sitting in the audience at Google I/O this coming May hearing all about the epic battle of “open” versus “closed” once again. It sounds good — until you have to contradict yourself.

Saturday, March 19, 2011

All About Botnets and Zombies


We have all heard a lot about these two terms, i.e. botnets and zombies.
They are now considered synonyms of viruses and malware. First I will tell you what botnets and zombies basically are, then give some statistical figures, and finally show you how zombies are now used extensively.
What are botnets and zombies ?



A botnet or robot network is a group of computers running a computer application controlled and manipulated only by the owner or the software source. The botnet may refer to a legitimate network of several computers that share program processing amongst them.

Usually though, when people talk about botnets, they are talking about a group of computers infected with the malicious kind of robot software, the bots, which present a security threat to the computer owner. Once the robot software (also known as malicious software or malware) has been successfully installed in a computer, this computer becomes a zombie or a drone, unable to resist the commands of the bot commander.
A zombie computer is a computer connected to the Internet that has been compromised by a cracker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service attacks. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.

How do zombies work?
Spammers may be using your computer to send unsolicited — and possibly offensive — email offers for products and services. Spammers are using home computers to send bulk emails by the millions. Indeed, computer security experts estimate that as much as 30 percent of all spam is relayed by infected computers actually located in home offices and living rooms, but controlled by spammers from afar.
According to the Federal Trade Commission (FTC), the nation’s consumer protection agency, spammers can get into your computer in several ways, depending on what kind of Internet connection you have. All computers connected to the Internet are potential targets, but those with broadband (DSL, cable modem) connections are especially attractive to spammers because they are “always on.” Spammers scan the Internet, searching for points of entry, and then install hidden software that allows remote access to your data and programs. That, in turn, allows the spammer to relay their spam and send the spam messages out from your computer.

How does your computer become infected with a zombie?
Remote access software can also be installed by a virus: a spammer sends email with a virus in the attachment. If you open the infected attachment, a virus is released that installs the hidden software. The person who sent the virus can now access the data and programs on your computer, or take over many computers and use them to send spam.

How would you know if your PC is a zombie?
It can be very difficult to tell if a spammer has installed hidden software on your computer, but there are some warning signs. For example:
  • you may receive emails accusing you of sending spam;
  • you may find email messages in your “outbox” that you didn’t send; or
  • your computer is using more power than it has in the past to run the programs you use (typically, the computer becomes slower to respond).
If your computer has been taken over by a spammer, you could face serious problems. Your Internet Service Provider (ISP) would see the huge number of emails coming out from your account and may prevent you from sending any email at all until the virus is treated, and treatment could be a complicated, time-consuming process.
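The volume of outgoing mail that an ISP would notice can also be spotted on your own network. The following Python is an added example, not part of the original post: it reads constructed connection-log lines and flags hosts that contact many distinct mail servers on port 25 in a short window. The log format, the addresses, the relay allow-list and the thresholds are all assumptions.

```python
from collections import defaultdict

# Assumption: the only internal hosts that should speak SMTP to the outside.
MAIL_RELAYS = {"10.0.0.25"}

def build_log():
    """Constructed sample lines in the assumed format: 'epoch src_ip dst_ip dst_port'."""
    lines = [f"{1000 + i} 10.0.0.57 203.0.113.{i + 1} 25" for i in range(40)]        # spam-like burst
    lines += [f"{1000 + i * 30} 10.0.0.25 198.51.100.{i + 1} 25" for i in range(40)]  # real mail relay
    lines += ["1005 10.0.0.8 198.51.100.7 25",     # single message, well under the threshold
              "1010 10.0.0.8 198.51.100.9 443",    # not SMTP
              "bad line"]                          # malformed, must be skipped
    return lines

def smtp_fanout(lines, window=60, max_dests=10):
    """Return {host: peak distinct SMTP destinations within `window` seconds}
    for every non-relay host whose peak exceeds `max_dests`."""
    events = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or parts[3] != "25":
            continue
        ts, src, dst = int(parts[0]), parts[1], parts[2]
        if src not in MAIL_RELAYS:
            events[src].append((ts, dst))

    flagged = {}
    for src, evs in events.items():
        evs.sort()
        peak, start = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans less than `window` seconds.
            while evs[end][0] - evs[start][0] >= window:
                start += 1
            peak = max(peak, len({d for _, d in evs[start:end + 1]}))
        if peak > max_dests:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    for host, peak in smtp_fanout(build_log()).items():
        print(f"{host}: {peak} distinct mail servers contacted within 60 s")
```

A workstation that shows up here is worth checking for the hidden software described above; the legitimate relay is excluded by the allow-list rather than by volume.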

Wednesday, March 16, 2011

All about Denial Of Service Attacks

A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. In a distributed denial-of-service (DDoS) attack, large numbers of compromised systems attack a single target.

Types of Denial-of-Service Attacks



There are several general categories of DoS attacks. Some groups divide attacks into three classes: bandwidth attacks, protocol attacks, and logic attacks.




Bandwidth/Throughput Attacks

Bandwidth attacks are relatively straightforward attempts to consume resources, such as network bandwidth or equipment throughput. High-data-volume attacks can consume all available bandwidth between an ISP and your site. The link fills up, and legitimate traffic slows down. Timeouts may occur, causing retransmission, generating even more traffic.

An attacker can consume bandwidth by transmitting any traffic at all on your network connection. A basic flood attack might use UDP or ICMP packets to simply consume all available bandwidth. For that matter, an attack could consist of TCP or raw IP packets, as long as the traffic is routed to your network.


A simple bandwidth-consumption attack can exploit the throughput limits of servers or network equipment by focusing on high packet rates—sending large numbers of small packets. High-packet-rate attacks typically overwhelm network equipment before the traffic reaches the limit of available bandwidth. Routers, servers, and firewalls all have constraints on input-output processing, interrupt processing, CPU, and memory resources. Network equipment that reads packet headers to properly route traffic becomes stressed handling the high packet rate (packets per second), not the volume of the data (Mbps). In practice, denial of service is often accomplished by high packet rates, not by just traffic volume.


Protocol Attacks


The basic flood attack can be further refined to take advantage of the inherent design of common network protocols. These attacks do not directly exploit weaknesses in TCP/IP stacks or network applications but, instead, use the expected behavior of protocols such as TCP, UDP, and ICMP to the attacker's advantage. Examples of protocol attacks include the following:


SYN flood is an asymmetric resource starvation attack in which the attacker floods the victim with TCP SYN packets and the victim allocates resources to accept perceived incoming connections. The proposed Host Identity Payload and Protocol (HIP) are designed to mitigate the effects of a SYN flood attack. Another technique, SYN Cookies (see http://cr.yp.to/syncookies.html), is implemented in some TCP/IP stacks.


Smurf is an asymmetric reflector attack that targets a vulnerable network broadcast address with ICMP ECHO REQUEST packets and spoofs the victim's address as the source (see http://www.cert.org/advisories/CA-1998-01.html).

fraggle is a variant of smurf that sends UDP packets to echo or chargen ports on broadcast addresses and spoofs the victim's address as the source.




Software Vulnerability Attacks


Unlike flooding and protocol attacks, which seek to consume network or state resources, logic attacks exploit vulnerabilities in network software, such as a web server, or the underlying TCP/IP stack. Some vulnerabilities can be exploited by crafting even a single malformed packet.


teardrop (bonk, boink) exploits TCP/IP stacks that do not properly handle overlapping IP fragments (see http://www.cert.org/advisories/CA-1997-28.html).

land crafts IP packets with the source address and port set to be the same as the destination address and port (see http://www.cert.org/advisories/CA-1997-28.html).


ping of death sends a single large ICMP ECHO REQUEST packet to the target.


Naptha is a resource-starvation attack that exploits vulnerable TCP/IP stacks using crafted TCP packets. (See http://www.cert.org/advisories/CA-2000-21.html).


There are many variations on these common types of attacks and many varieties of attack tools to implement them.


Denial-of-service attacks may be effective because of a combination of effects. For example, an attack that does not fully consume bandwidth or overload equipment throughput may be effective because it generates enough malformed traffic to crash a particular service, such as a web server or mail server.
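The attack classes above leave different traces in captured traffic. The following Python is an added example, not part of the original post: it runs over constructed packet summaries and reports packet rate against bandwidth, half-open TCP connections per target (SYN flood), and single packets matching the land, smurf and fraggle patterns. The record layout, the addresses (documentation ranges) and the threshold of 100 half-open connections are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Pkt(NamedTuple):          # assumed summary format, one record per captured packet
    t: float                    # capture time in seconds
    proto: str                  # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""             # TCP flags: "S", "SA" or "A"
    size: int = 60              # bytes on the wire
    icmp_type: int = -1         # 8 = echo request

NET = ip_network("192.0.2.0/24")    # assumed protected network

def protocol_anomaly(p: Pkt, net=NET) -> Optional[str]:
    """Label a single packet that matches the land, smurf or fraggle pattern."""
    to_broadcast = ip_address(p.dst) == net.broadcast_address
    if p.proto in ("tcp", "udp") and p.src == p.dst and p.sport == p.dport:
        return "land"           # source address and port equal destination address and port
    if p.proto == "icmp" and p.icmp_type == 8 and to_broadcast:
        return "smurf"          # echo request aimed at the broadcast address
    if p.proto == "udp" and p.dport in (7, 19) and to_broadcast:
        return "fraggle"        # UDP to echo (7) or chargen (19) on the broadcast address
    return None

def half_open_by_target(packets):
    """Count SYNs per (server, port) that were never completed by the client's ACK."""
    pending = set()
    for p in packets:
        if p.proto != "tcp":
            continue
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "S":
            pending.add(key)
        elif p.flags == "A":
            pending.discard(key)
    counts = defaultdict(int)
    for _, _, server, port in pending:
        counts[(server, port)] += 1
    return dict(counts)

def rate_profile(packets):
    """Return (packets per second, megabits per second) over the capture."""
    span = max(p.t for p in packets) - min(p.t for p in packets) or 1.0
    return len(packets) / span, sum(p.size for p in packets) * 8 / span / 1e6

def analyse(packets, net=NET, syn_threshold=100):
    anomalies = [(a, p.src, p.dst) for p in packets if (a := protocol_anomaly(p, net))]
    flooded = {k: n for k, n in half_open_by_target(packets).items() if n >= syn_threshold}
    pps, mbps = rate_profile(packets)
    return {"anomalies": anomalies, "syn_flood_targets": flooded, "pps": pps, "mbps": mbps}

def build_sample():
    """Constructed capture: one normal handshake, 2000 unanswered SYNs, three odd packets."""
    pk = [Pkt(0.0, "tcp", "203.0.113.5", 40000, "192.0.2.10", 80, "S", 60),
          Pkt(0.01, "tcp", "192.0.2.10", 80, "203.0.113.5", 40000, "SA", 60),
          Pkt(0.02, "tcp", "203.0.113.5", 40000, "192.0.2.10", 80, "A", 54)]
    pk += [Pkt(i / 2000, "tcp", f"198.51.100.{i % 250 + 1}", 1024 + i, "192.0.2.10", 80, "S", 60)
           for i in range(2000)]
    pk += [Pkt(0.5, "tcp", "192.0.2.20", 139, "192.0.2.20", 139, "S", 60),
           Pkt(0.6, "icmp", "192.0.2.10", 0, "192.0.2.255", 0, "", 84, 8),
           Pkt(0.7, "udp", "192.0.2.10", 5000, "192.0.2.255", 19)]
    return pk

if __name__ == "__main__":
    report = analyse(build_sample())
    print(f"{report['pps']:.0f} pps, {report['mbps']:.2f} Mbps")
    print("SYN flood targets:", report["syn_flood_targets"])
    print("Anomalous packets:", report["anomalies"])
```

On the sample, the capture carries about 2,000 packets per second in under 1 Mbps, which is the packet-rate versus volume distinction made in the bandwidth section.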




DARKLORD!!!

Wednesday, March 9, 2011

HACK THE DARKLORD - Challenge 3


Here is the third and final challenge of the online hacking challenge "Hack the Darklord".

For those who missed the first two challenges, here are the links.

CHALLENGE 1              CHALLENGE 2

Instructions for challenge 3

  • This challenge consists of 10 questions. Each question is of 20 marks, so the overall challenge is of 200 marks.
  • No negative marking.
  • Do not take the same challenge more than once, as it may lead to disqualification.
  • Fill in your name, branch, year and roll number, and then proceed to the challenge.
ALL THE BEST .

Enjoyed the challenge..like us on facebook



Sunday, March 6, 2011

HACK THE DARKLORD - Challenge 2


Hope you enjoyed challenge 1 of "Hack the Darklord". For those who have still missed it, here is the link.
Here is the second challenge for you. It is a bit tougher than the previous one. Hope this will brush you up a bit more.
This round will also be of 200 marks. The marking scheme is mentioned below. Keep playing daily to get the bonus reward. The results of the top scorers of challenge 1 will be posted soon.
The final winner of the online challenge will win a special prize on the prize distribution day, so keep fighting.

INSTRUCTIONS FOR CHALLENGE 2 :

  • This challenge consists of 15 objective-type questions, each with a single correct answer.
  • Questions numbered from 1 to 10 are of 15 marks each, with no negative marking.
  • Questions numbered from 11 to 15 are of 10 marks each, with no negative marking.
  • Instructions for bonus points:
  • If you play the first three challenges continuously (one challenge in one day for 3 days) then you get a bonus of 50 points, and if you play all the online challenges till 10th March then at the end of the event you will be rewarded a bonus of 100 points.
  • Do not take the same challenge more than once, as it may lead to disqualification.
  • Fill in your name, branch and year, and then proceed to the challenge.
LET THE HACKING BEGIN

ENJOYED THE CHALLENGE!!
Like HackingAlert on Facebook

Saturday, March 5, 2011

HACK THE DARKLORD - Challenge 1



The Hack The Darklord online challenge starts today.
Participate in the online event to get the feel of hacking. This online event will be very helpful for beginners in hacking.
There will be one challenge per day.
Every challenge is of 200 marks. If you play one challenge every day for 3 days continuously then you get a bonus of 50 points, and if you play all the online challenges every day then you will get a bonus of 100 points.
The winner of the online event will win a special prize and the top scorers will get a direct entry into the second round of "hack the darklord".

Scroll below to read the instructions and begin the challenge .

Instructions :

  • This challenge has 20 objective questions that are designed to check your basic knowledge of hacking.
  • Attempt all questions, as there is no negative marking.
  • Fill in your name, branch and year in the form and then proceed to the question section.
  • The questions have single correct answers. 10 marks for each correct answer and no negative marks.
  • Please do not take the same challenge more than once, as it can lead to elimination from the online event.
LET THE HACKING BEGIN

CHALLENGE - 1


Enjoyed the challenge !!
Like us on facebook



Thursday, March 3, 2011

Advanced Hacking Tutorials - For those who think Hacking is child's play




I hope you have enjoyed my previous two posts on basic hacking tutorials.
I received waves of responses from all my lovely visitors. Many enjoyed them, many found them confusing and many found them a cakewalk.
So I decided to take things a step further and provide some advanced materials on hacking.
Here is a set of some advanced books related to hacking and cracking. Hope you will love this one too.
You can also find great hacking software here.
If you have some great tuts, or any query, then do comment here.

DOWNLOAD 

DARKLORD !!

Wednesday, March 2, 2011

Ultimate Starter material to learn Hacking - Tutorials, ebooks and ppt's



If you liked my previous post of hacking material then you are going to love this one. I got several comments stating that yesterday's hacking material was a bit too much and confusing to start with.
So I thought I would refine my previous post, and this time I have made it more interesting. This time I have also added some ppt's that will give you a basic idea of some basic terms and definitions related to hacking.
Then there are some e-books that will help you build your knowledge right from the base.
Try them out.

DOWNLOAD

DARKLORD !!


Tuesday, March 1, 2011

The Ultimate Hacking Tutorial and e-books




For all those who are searching for the right material to get started with hacking, here is an exclusive and comprehensive set of materials to start with.
For any queries you can comment below.

DOWNLOAD

DARKLORD!!