Download Firecat - Collection of Hacking and Penetration Testing softwares

Many time we keep on looking for the right tool at the wrong time , ie when we are in an emergancy . Firecat is a firefox browser based collection of tools at a single place . 

Various softwares that are essential for network analysis and penetration testing are compiled under a single Tree menu thus making the search and use of tools easier . The tool contains the official home pages of the tools which helps you you in quick access of them either by downloading them or by accessing them from your own hard drive.

The software can fit well to your collection of must have tools as it can be handy at times . The installation process is also very simple . Just download the rar file and extract it in any folder and start using it by running the html file in the extracted folder.

DOWNLOAD

DARKLORD!!

Read More

Understanding Cain and Able - Beginner to Expert

This is my final post on the topic of ARP spoofing and poisoning . I hope you all have loved my other two posts in which I had built the grounds for understanding the basics of network protocols and ARP poisoning .

In case you want to read those post then here are the links :
The basics of NIC,MAC and ARP- Complete tutorial

The art of ARP spoofing/flooding/poisoning

Moving forward to the third and final post in this series , I will now focus on how we can use Cain and Able to perform the attack of ARP spoofing using this tool.
I will explain the other cool uses of this tool as well and then focus on how to use it as a sniffer.
Since I do not have a LAN setup to explain you with my own example so I picked up some good tutorials and papers from the net to explain you the things clearly .

Here is the Download link for Cain and Able - Download


DESCRIPTION
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary & Brute-Force attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzingrouting protocols. It also has ARP poisoning and spoofing capabilities, making it into anextremely powerful hacking or auditing tool. The ARP spoofing feature works in a similar way as described in the "ARP Spoofing" tutorial. Indeed it would be wise to read that tutorial before attempting to use Cain.
Environment
1. Install and run Cain. Immediately when it opens you can see the first disturbing scene. All the cached passwords are shown in the "Protected Storage" tab. These include passwords from IE, Outlook or other HTTP transactions.

2. The "Network" tab is a scaled enumeration system, able of enumerating all Windows computers it can find on the local network.

3.The most interesting (IMHO) feature of Cain is in the "Sniffer" Tab. Cain allows you to ARPSpoof, Sniff and Brute force passwords all via one interface. Notice that the "Sniffer Tab" has 5 sub-tabs - Hosts, APR, DNS Spoofer, Routing and Passwords.

4. To start ARP Spoofing, you need to activate the sniffing daemon and the APR daemon. You do this by clicking on both the "Sniff" and "APR" buttons at the top of the window 


5. Make sure you are in the "Sniffer" tab, and right click anywhere inside the tab. You should see a "Scan MAC addresses" option. Click it.

6. Choose the appropriate IP range that suits your local network and click "Ok".

7. A quick scan should occur, giving you all the MAC addresses present in that subnet.

8. Once the scan is complete, move to the APR sub-tab at the bottom of the window.This is the window in which you choose the computers you want to attack. Now click on the blue "plus" sign at the top of the windows to add hosts to attack.


9. You should get the following screen:

10. Now we wait for the attacked host to enter password data to services such as FTP, HTTP, POP3, IMAP, and lots of others. In the following screenshot, an FTP password was intercepted.

11. We can see that the FTP session between 192.168.1.32 (Attacked Computer) and 194.90.1.6 (Netvision's FTP server) was router via our computer. Now click on the "Passwords"see the captured passwords.

12. For encrypted passwords such as SMB (NTLM in it's various flavours) you can send the password to a Brute Force session.

13. After sending the password to the cracker, click on the "Cracker" tab and start the required attack.

This was a quick tutorial about Cain's ARP Spoofing ability. Apart from ARP Spoofing Cain can do lots of other wonderful things, just take time to *carefully* learn the application.
I will be posting more article on how we can use some of the popular tools that are available in the web world but first I will focus on the basics of it then move onto the use of tool . Hope you enjoyed the article.
Post your comments and suggestions to encourage me .


DARKLORD!!

Read More

Google Malware warning system alerts users about infections

Google is instituting a new malware warning system to alert users that their computer may be infected with malware.
The new feature was implemented after Google detected an issue on its servers related to multiple malware infections.The new Google malware system displays a message to users at the top of the Google search results page when it detects possible issue.
The search engine giant decided to take action after discovering unusual search traffic while performing routine maintenance on one of their data centers, according to Damien Menscher, a Google security engineer.

“This particular malware causes infected computers to send traffic to Google through a small number of intermediary servers called ‘proxies,’” Menscher wrote in a blog post announcing the new Google malware warning feature.
The malware only affects computers running Microsoft Windows. When detected by Google’s system, it is likely that the computer is, or was previously, infected with the malicious software, Menscher wrote.
Some malware may alter the victim’s computer settings, redirect some traffic to a malicious server controlled by the attacker and can taint search results, according to Menscher. Tainted search results can lead people to malicious webpages and trick users into downloading rogue antivirus software.
The move is reportedly the first time Google is taking proactive measures to detect and warn users about malware infections. Microsoft is advocating a plan to get ISPs to be more proactive in scanning and alerting users to infections.

Trustworthy Computing Vice President  Scott Charney advocated for more proactive measures at his RSA Conference keynote in March. In his keynote he said ISPs should use more aggressive network access control measures for inspecting and cleaning computers before allowing them onto the Internet.
Google will not block infected users from accessing its search function. The company will provide recommendations to users for scanning systems for malware, how to remove infections, and information about why the victim may have been infected in a Google Help Center document.
Refrence : google blog.


DARKLORD!!

Read More

The art of ARP spoofing/flooding/poisoning

So far I was mostly concentrating on web hacking and its counter measures but in the recent past I have shifted my focus more onto wireless hacking. It is as big and tricky as wireless hacking but it requires more deeper understanding of the basics of networks. In one of my interviews I ws asked a question on ARP poisoning ( Thanks to Sachin Sir) wich I couldnt answer . Since then only I shifted my focus onto wireless hacking in LAN and soon on WAN too.
In my previous post I explained the basics of NIC,MAC and ARP. The main motive of that post was to build the grounds for ARP poisoning which I will explain in this post . In this post I will explain the concept behind it and then in my next tutorial on Cain and Able I will explain how it can be used for this hack.
In case you are not aware of technicalities of these terms then please refer the above link first .

ARP spoofing/flooding/poisoning

This is a technique to attack LANs that use arp as the address resolution technique. This attack involves sending fake or spoofed messages onto a LAN and fool other machines .


ARP spoofing is the technique of forging fake ARP messages on a network. It is possible to update a host's ARP cache with false information via spoofed ARP Replies. This technique is known as 'ARP Poisoning' and is the basis of more complex attacks. The most dangerous amongst them is Sniffing . Poisoning can also help in causing DoS type of attack too but here we will primilarly focus on Sniffing the ethernet data.

Sniffing is the term used to describe the reading of all packets on a network segment. This is relatively easy on a network connected via a hub as ethernet is a broadcast medium and the attacker would only have to place his NIC in promiscuous mode to 'sniff' all traffic on that network segment. In a switched network this is not possible. This is because a switch builds a table of MAC addresses and their associated ports when the switch is powered on. When a host transmits an ethernet frame the switch examines the destination MAC address and routes the frame to the associated port as given in the switch table. Therefore it is not possible to sniff any traffic on the network.
There are two methods to sniff traffic in a switched environment using ARP Poisoning. The first is for the attacker to send multiple spoofed ARP Replies to the switch. The switch will process these replies, updating its table. If this is done at a rapid rate the switches table will overflow and the switch will default to broadcasting all traffic to all ports. The attacker can now 'sniff' all network traffic.

The second method involves a 'man in the middle' style attack. I will explain this technique in detail by aid of an example. Below is a simple network segment with three hosts in a switched environment.

The attacker wishes to sniff all traffic that A sends to B and visa versa. This is currently not possible as the attacker is connected to the network via a switch. The correct IP addresses and MAC addresses for each host are as follows:
Host                IP Address             MAC Address
Host A           192.168.0.2          00:00:00:00:00:02
Host B           192.168.0.3          00:00:00:00:00:03
Attacker         192.168.0.4          00:00:00:00:00:04


Firstly the Attacker will poison A's ARP cache with a spoofed ARP Reply. The ARP reply will tell A that the IP address of B now has a MAC address of 00:00:00:00:00:04. Once A has processed the ARP Reply its ARP cache will look like this:
Host              IP Address             MAC Address
Host A          192.168.0.2           00:00:00:00:00:02
Host B          192.168.0.3           00:00:00:00:00:04
Attacker        192.168.0.4           00:00:00:00:00:04

Secondly the Attacker will poison B's ARP cache with a spoofed ARP Reply. The ARP reply will tell B that the IP address of A now has a MAC address of 00:00:00:00:00:04. Once B has processed the ARP Reply its ARP cache will look like this:


Host           IP Address            MAC Address
Host A      192.168.0.2           00:00:00:00:00:04
Host B      192.168.0.3           00:00:00:00:00:03
Attacker   192.168.0.4           00:00:00:00:00:04

Now whenever A sends B an ethernet frame the switch will route it to the attackers port, this will also be the case whenever B sends A an ethernet frame. The attacker may now 'sniff' the traffic whilst forwarding it on to its originally desired host.
The thing to keep in mind here is that the attacker must perform the two way poisoning so that it can recieve the packets as well as send it to the destination . In this way the connection will always be alive between the two communicating hosts and the attack will perform successfully.


Protection


To protect a hosts ARP cache from being poisoned it is possible to make it static. If an ARP cache has been made static it will not process any ARP Replies received unlike a dynamic ARP cache. This is not practical for large networks as the correct IP address to MAC address association of every host would have to be present in the cache of every host before it is made static. If one host changed its MAC address (e.g. after replacing a NIC) all hosts ARP caches would need to be updated manually. On windows a login script could automate this process however it has been reported Windows will still accept and process ARP Replies even when the ARP cache has been made static.
It is also possible to use Intrusion Detection Systems (IDS) to detect ARP Poisoning attacks. Arpwatch is a tool that will monitor a network for any changes in MAC address to IP address association, e-mailing the administrator should any such offence occur.


Here I have added a cool flash that will help you understand the whole process digramatically. I got it from oxid , the makers of Cain and Able.
Stay tuned for my next post on how to perform ARP poisoning using Cain and Able.

DARKLORD!!

Read More

The Basics of NIC , MAC and ARP - Complete tutorial!

Hello friends . I am posting this article just to make my readers familiar with some of the most basic yet misunderstood terms of Computer networks. I recently came across one of my blog followers who was having trouble with these terms . Not only he , in fact many of us face these problems . The issue is that we straight away jump into using tools and learn quickly from the various technical papers available over the net but we tend to forget the basics of networks and these three terms are used most frequently . I am starting with this basic article as I am trying to build a solid ground to explain my readers what exactly is ment my ARP flooding/ARP spoofing . This is the most deadly wiresless LAN hack currently in practice. There are plenty of tools available to launch the attack but we should understand the basics of networks so that we can understand the attack well and then apply relevant security measures. Later on I will post a tutorial on ARP spoofing using Cain and Abel.

The Basics :

You must be familiar with the term IP address( if you are not then you are on the wrong site buddy) . Just like your home has a mailing address in the same way computers or devices connected over the internet have a mailing address called the IP address . It can either be static or dynamic. In case its static then it will remain unchanged everytime you connect to a network and if its dynamic then a local DHCP server grants you a new IP address everytime you connect to internet.

So with machines coming and going on networks, and IP addresses ever changing, how do other computers on your network find Redbeard? The secret (well, not really a secret; just a fact that veteran administrators know so well, they forgot to tell you) is this: every networked device actually has two addresses. One is the IP address, which might or might not change. The other is the MAC address, which typically does not change.


When you connect a computer to your Ethernet LAN, do you know what you're plugging the Ethernet cable into? From the outside, it looks like you're plugging it into a metal case, but you're not. Inside the case is a Network Interface Card (NIC). A NIC is a special hardware card within any networked device (computer, printer, router, etc.) that handles all the technical aspects of sending and receiving data packets over a computer network.


Like your mailing address at home, your computer's NIC has a unique address. This address must be unique in all the world. Otherwise, network traffic couldn't find its way to the right computer.


The distinctive address that identifies a NIC is called the Media Access Control (MAC) address. A MAC address is a unique character string, and since it identifies a specific physical device -- one individual NIC -- the MAC address, by convention, never changes for the life of the NIC. Two NICs never have the same MAC address (unless some manufacturer screws up royally [which has happened]). Because your NIC's MAC address is permanent, it's often referred to as the "real," or physical, address of a computer.


A MAC address is formatted as a six-byte, hexadecimal number, like this:


00:90:7F:12:DE:7F


So why do we need IP when we have MAC?


Good question (by me) . Actually MAC address are fixed so they cant be changed hence they are not as scalable compared to IP address. IP address have several other features like subnetting and supernetting which gives a logical understanding of the presence of a machine in a network. These facilities are not with the MACaddress.
Also MAC address are not routable . The Internet Protocols will not treat them as an address of a source or destination . Hence IP address in many ways simplifies our task.
The malleable IP address gives your network some flexible manageability. The never-changing MAC provides a specific, reliable address for a physical device.
Or you could say, we have the long and the short of it. IP addresses route a packet across the whole global Internet, while MAC addresses help the packet make the small, local hop between hardware devices. Sophisticated networking is possible because each of your networked devices has both a MAC and an IP address.
So what next good question comes to our mind? How MAC and IP co-ordinate?


Lets bring ARP(address resolution protocol)


The lamest definition that we study in local networking books is - network layer protocol that is used to convert IP address into MAC address.(absolutely true)
Lets talk cool now -


We began by wondering, "How do devices on a local network become aware of one another?" NICs and MACs are important pieces of the answer, but your network must learn to pair a MAC address with the IP address for the same machine. It does so using a technique called Address Resolution Protocol.


Think of ARP as network roll call. Remember the first day of your college/school? At the beginning of class, the teacher called from a list of names, expecting you to reply when she called yours. She did this to associate your name with your face. Every student heard every name, but answered only to his or her own name. ARP uses a similar technique to associate an IP address to the MAC address.


Let's assign Abhinav the IP address, 192.168.39.101, and suppose his NIC has the MAC address, 00:A0:24:30:2E:13. And suppose he need to send a file to Jaya or more literally, to her computer. When Abhinav attempts to send jaya a file, Abhinav first obtains Jaya's IP address. Upon seeing that the IP address is local (on the same subnetwork), Abhinav knows he is capable of sending the file to her destination, if he learns the "real" (MAC) address associated with that IP address. To learn the MAC address, Abhinav does what your teacher did on the first day of school/college. He calls out to the entire local network asking that the computer with the IP in question reply "Here!" with a MAC address.


Let's say that Jaya has the IP, 192.168.39.148. To find the MAC address for Jaya, Abhinav would send the following (simplified) ARP request:

From: (Abhinav's MAC address)	To: (Broadcast address)	Packet Content
00:A0:24:30:2E:13	FF:FF:FF:FF:FF:FF	Who has 192.168.39.148? Tell 192.168.39.101.

Notice the special address in the "To" field above. That special address (all Fs) is the MAC broadcast address. Anything sent to that address goes to every computer on LAN segment. All those computers receive the message, but ignore it, because it doesn't pertain to them -- with the exception of Jaya. Because Jaya is 192.168.39.148, she replies with her MAC address, like this:

From: (Jaya's MAC address)	To: (Abhinav's MAC address)	Packet Content
00:A0:24:30:4C:23	00:A0:24:30:2E:13	I have 192.168.39.148

This is how Abhinav will finally succeed in finally sending his file (not a love letter) to Jaya after identifying her MAC or physical address.

In short Abhinav ARPed Jaya.

Here is a picture to demonstrate this process.

Having successfully ARPed, Abhinav stashes the newly-learned MAC/IP pair in an ARP cache. The ARP cache is a small segment of memory your computer reserves to temporarily store a table of MAC addresses and their associated IP addresses. Your computer keeps this table for efficiency so that it doesn't have to keep broadcasting ARP requests to computers it has already queried. If Abhinav needs to send something else to Jaya soon(maybe a loveletter this time), Abhinav will obtain Jaya's MAC address from his own ARP cache.

Hope this will clear most of your doubts relating to networks basics . This is an important tutorial for those who are trying their hands on wireless LAN hacking . A small basic knowledge can help you fix big problems . The focus of my next article will be to deal with ARP poisoning.

You can add your doubts and suggestions below.

DARKLORD!!

Support HackingAlert By clicking the adds below -

Read More

Learn Hacking with Webgoat Hacking Lessons - The ultimate learning Application

I get lots of mail from people asking how can they learn hacking and where can they test it and so on. my answer to them is that "you have the whole web to learn and test your hacking skills" , provided you dont break the limits. Hacking should always be to get good out of it . I love the recent Crome advertisement on TV which says "the web is what you make out of it" . This a completely true statement .

Few days back I came across a very intresting application designed in JSP and Servlets that contains lots of practice lessons for hacking . The lessons cover all the basic and advanced techniques with hints and solutions and gives you a very good understanding of real time hacking . I feel that all the biggeners and even the experts hackers should defiantly give it a try as there are lots of things to twist every level of hacker. 

I myself enjoyed the lessons alot and really enjoyed hacking them . And the best part is that you also have a scorecard to monitor your performance. The project is developed by OWASP and can be found at this link - OWASP-WebGoat . 

The link contains all the information about downloading and installing it . The user should have some basic understanding of Tomcat server , JSP , Servlets , Javascript,Ajax and of-coarse Hacking .

You will also need an additional tool called webScarab whose link is provided in the webgoat application itself and you can find a complete tutorial on webscarab here - Intercepting WebScarab request/response using Webscarab to hack web applications.

The installation and usage is simple and you can find complete documentation at the above mentioned link .

All enthusiastic hackers should try out the lessons as it will give you lot of practical exposure. 

In case you face any technical difficulty ib lessons or installation then feel free to add your problems here in the comment section and I will try to help you out .

Do give a try , you will surely love it .

Happy Hacking.

DARKLORD!! 

Read More

Why Google+ needs a poker application?

Google+ is out from quiet some time now there are lots of speculations going around about how fast or slow it is growing . people say that it is coping Facebookand other popular applications on the net and so on .

What I personally feel is that the only thing that Google+ wants to steal from facebook is the addiction that the users of Facebook have towards its huge list of popular applications.

It has been seen that more than 50% of facebook users come to Facebook just to play their online games. the fight for credit and the addiction for these applications is currently driving the biggest traffic for facebook .

Some of these popular applications include farmville , Zynga poker , Mafia wars etc .

There are a lot of people who stay online for hours to bet on their credits and play online poker and other cool applications . These applications have created a whole new world of real time analysis of Casino strategy and new tricks and techniques of game playing . 

Infact the popularity of online casinos is not only limited to just facebook , it has grown bigger and unlike facebook , they involve real money and credits. lots of Mac Casinos  can be found where people are sticking actively to these cool games and is now a major source of web traffic. 

So i feel Google would not neglect this issue as well . If they really want to be a Facebook killer then they will have to bring about the same addiction that facebook users have for their applicatioons.

Since its still in its initial phase , we might see lots of wonders coming from the Google+ team . We never know when google can completely change the face of the way we play poker today .

Read More

Hacking Online Shopping Carts and online survey sites- A HackingAlert exclusive!!

DISCLAIMER : I , ABHINAV SINGH DID NOT BREACH INTO THE SECURITY MEASURE OF THE FOLLOWING WEBSITES : IBIBO.COM , AVISOMART.COM,FLIPKART.COM .

I ONLY TESTED THEIR SECURITY MEASURES. THE AUTHOR IS IN NO WAY RESPONSIBLE TO ANY DAMAGE. tHIS ARTICLE IS ONLY FOR EDUCATIONAL PURPOSE.

There are a lot of shopping portals and websites picking up pace in India right now. But they are still not receiving the type of response they should be getting . American and European online shopping giants are among the  leading web companies currently but the scenario is different in India . People here are still stuck to the believe that they do not provide quality goods. They are only popular in metropolitan and big cities . 

The article is not about their popularity but their security . How secure are these websites and how secure is their payment gateway .

I went on to carry out my penetration testing on all popular online shopping websites. 

The point where all were strong was the payment gateway and the reason behind it was that the payment gateways are solely managed by the respective bank you are using for the transaction .

But what about the other security measures .

 Flipkart was all clear ,they are doing a good job in security measures I must say . But there were  some small flaws in other popular sites( I wont take the name) . I have reported this to the admins about the flaws and got response too. I was fortunate enough this time , but I am  still waiting for the response from my previous exposure of security flaws in Dhoni's , Priyanka chopra's and Priety Zinta's official websites.

I wont go into very detail of various penetration testing I applied on these online shopping websites but the front where I found these website vulnerable is analysing the HTTP headers.  

Consider these two images and note the price of Blackberry phone in my shopping cart . In top image it is 12,100.00 Rs and in the lower image its 121.00Rs . So how do you think the deal is!! Blackberry at Rs 121 only.

No I am not kidding . Infact as i proceeded to the payment gateway still it didnot make a final check weather i have modified the headers or not . It simply allowed me to buy this phone at Rs 121 only . 

By simply intercepting and working and analyzing closely the HTTP request and response that was transmitted during my penentration testing , I could figure out mechanisms to break them . 

Web developers hardly try to keep a check on the values that an authenticated user is sending . All they worry about is to make the authentication secure but in the mean time they forget how important is validating the request of an authenticated user as well. You wont find such security flaws in any top online shopping websites of America or Europe. 

Here I will also show how online survey websites can also be tricked upon to increase your survey money. 

Earning money through online survey is currently very popular in India but they are currently the most vulnerable systems online. I have an account on a survey website too. I simply hacked it to increase my earnings without even submitting my survey . Also I went on a step further to hack the servers to add free 100$ payment point in my account and even successfully transfered it to other account .

I do not understand why the hell these websites impliment captcha and other security measures when they have even bigger threats than spam open to be breached. 

Anyways the issues have been patched in most of the websites I have reported about.

Atleast these companies are not completely ignorrant like our government agencies who have so many loopholes still opened thatswhy I never posted any information about them as It can be a matter of National security. 

I still suggest to all my readers and friends that we are in a world that is largely goverened by the web so we must contribute to make it a better and healthier place . We cannot be evils and destroy the wonderful creation of mankind. Developers , coders , companies put in lot of effort to bring services at the click of fingers for its users but some Dark Hackers try and exploit the weak areas and disturb the whole service. Instead the should work actively to build a better web . You know what inspires me the most these days?? The new add campaign of Google crome - "THE WEB IS WHAT YOU MAKE OUT OF IT" .

Its simply very true. Thanks for reading . Please add your valuable comments for improvements and suggestions.

DARKLORD!!

Read More

Intercepting HTTP request/response using WebScarab to hack Web Applications

Hello Friends.

Recently I am really busy with my interviews in different companies. But there is always a new thing that you can learn from everything. Though my tough time has not yet ended but still I took out time to write this post as there is somthing new that I learned while I was preparing for one of my interviews for MicroWorld that is amongst the leading companies in the field of Network Security.

The best thing I find about hacking is that you have the whole internet to practice so I was hitting my keyboard hard to practice my knowledge of intercepting HTTP request and response headers . I will explain you how the entire process works but the thing that disappoints me is that the security features in Indian websites is still very lame. Though there are websites who have really good security measures but there counting is limited .

So we will understand how we can intercept the HTTP request we send to a website and how we can analyse the response header.For this purpose we will use WebScarab which you can download from Here.

After you have installed the setup you will first have to set your browser so that WebScarab can intercept the request and response. 

I am taking the example of Firefox here. Go to options > Advanced > Network > Settings > Then select the Manual Proxy configuration and enter the following values.

HTTP proxy - 127.0.0.1 and port - 8008 

This sets the webscarab to intercept the request by acting as a localhost proxy .

Now you start your webScarab by clicking on the icon.

The screen will appear wired and somthing like as shown in the figure. Click on the figure to enlarge it .

In the intercept tab , select "Intercept request" and in the left hand side menu select "Get" and "Post" options . 

This makes your webScarab completely ready to intercept the HTTP Get and post requests .

Now in your browser type any url , for e.g , google.com and you will get a window that will show the intercepted HTTP Get request. Now if you click on the "Intercept Response" button then it will also intercept the response that is coming back to the browser from the google server.

You can use this technique to analyse the the various request and response headers and let me tell you this can be very very deadly . If you are able to make the right moves and changes in the Headers then you can easily modify the headers to send invalid valuse to the servers .

In the main window of the webScarab , the "Summary" tab shows you the details of all the intercepted requests and response.

This is a short tutorial on webScarab that will give you a basic understanding of how to use webscarab to intercept the HTTP values and analyse them > Rest is upto you how far you can take it . 

To see how far I went read my next blog post on "how to hack online shopping carts" . 

In case you have any difficulties using WebScarab then please comment here . I will try my best to solve it .

DARKLORD!!

Read More

5 Coolest Things to Try on Google+

Tweet
Travelling in Indian railways is always boring to me specially when you are alone . So i switched my attention from my nearby uncle who is struggling with his small kids onto my android device to check some news.

My feed was completely filled with articles of top bloggers and experts who are actively writing on the recent hot launch , Google+ . So I thought to join the pool with my post so here I am bringing you 5 cool things that you can try on Google+.

1.Create a "Drafts" circle for unfinished posts

Google+ allows you to write really long posts if you want. (Just ask Robert Scoble.) If you're working on one and don't have time to finish, create an empty "Drafts" circle and only share the post there. You can go back and edit the post when you have time and share with your other circles once it's complete.

2.Mute notifications on one of your posts

If you're getting a lot of activity on a post, it can be annoying to get constant notifications. To mute notifications on a single post, open Notifications, click the notification you want to mute, and click "mute this post."
Simply an amazing concept. I would extend my thanks to the development team for adding this feature.

3.Conduct a search within Google+ (Chrome only)

What if you remember seeing a post on Google+ but can't find it again? You can set Google to search only Google+ from your Chrome browser. These steps may be a bit complicated for the average user. Here's what the guide says to do:

Open URL: chrome://settings/searchEngines

Add new entry with the following values:

Search In Posts:

• Column 1: Google+ Posts
• Column 2: post
• Column 3: {google:baseURL}search?q=site:plus.google.com inurl:posts/* %s

Search For Profiles:

• Column 1: Google+ Profiles
• Column 2: profile
• Column 3: {google:baseURL}search?q=%s&tbs=prfl:e

(Search for profiles)

- Column 1: Google+ Profiles

- Column 2: profile

- Column 3: {google:baseURL}search?q=%s&tbs=prfl:e

4.Import your Facebook contacts to Google+

Facebook has been systematically blocking browser extensions and apps that import your contacts to Google+.

Luckily, there's a way around that if you have a Yahoo e-mail account.

Yahoo lets you import your Facebook contacts, which can then be imported to Google+. Next, use Gmail to import your Yahoo contacts. From Gmail settings, select "Accounts and Import." You can then log in using your Yahoo credentials and pull in your contacts from there. The contacts will automatically show up in Google+.

It's a few extra steps, but it'll have to do until Facebook and Google learn to play nice with each other.

5.Formatting tips: bold, italic, underline, and more

Google+ uses the same formatting commands as Google Talk does within Gmail:

_ italic text _ ➜ italic text

* bold text * ➜ bold text


- strikethrough text - ➜ strikethrough text


_*italic bold text*_ ➜ italic bold text

If you havent tried out any of these then try soon . You can also add any cool feature that you discovered in Google+ in the comment bar or mail me at abhinavbom@gmail.com.

DARKLORD!!

Read More

The biggest problem with Google+ "Circles

Tweet

Hello friends.I am skipping my hacking article to post somthing that is technically more read out currently . Its about Google+.

Its been around 2 weeks since google+ has been launched and the battle between who is better,who is secure blah blah has started. Well its a never ending debate on weather google is better of Facebook or Microsoft or any other company. Recently my friend Shubham Kant posted a status on his facebook wall that google+ is simply old wine in new bottle . I jumped into commenting against him and favouring google. I was quickly analysing his comments and building up mine. During this discussion I found an intresting thing that can b a negative point about the google+ Circles which lies at the core of this new social app.

Lets start with wat google defines its Circles with- "You share different things with different people. But sharing the right things with the right people shouldn't be a hassle. Circles makes it easy to put your friends from Saturday night in one circle, your parents in another and your boss in a circle all on his own – just like in real life."

Impressive and cool defination . In simple words they are trying to build up the concept of groups through circles.

Just like there are groups in Facebook similarly G+ has circles.

But the issue is that the circles are "one way" . You dont know in which circle I have added you and I dont know in which circle you have added me. 

But the actual meaning of group is that every person of the group is aware of every other person within it .

They can see what other members have shared . So i feel here lies a drawback . Though this issue can be resolved easily if you have played well with G+ .

I dont know weather google has any plans to launch any other group feature in the coming time or not but I feel they are failing in the task of presenting a symmetric grouping through circles.

DARKLORD!!

Read More

Want Google+ invitation ? Come to HackingAlert

Tweet

Hello friends. I have been out of blogging for some days as I am a bit busy with a new hacking stuff. Its a great new thing that i have learnt and will be posting about it soon . 

As you all must be aware of google+ , The new social platform that google has launched . 

Currently it is in the initial testing phase hence not yet available to public and it will take around one month more to be publicly available . 

I thought of giving a gift of free invites to my readers and blog followers who want to feel the heat before others.

All those who want an invitation can post their email address in the comment under this post . I will send you invitations soon . Hope you will love the experience..Stay tuned for an in depth analysis of G+ soon.


Please Help the community of HackingAlert grow by liking out page on Facebook . 


Like HackingAlert 

DARKLORD!!

Read More