FACT-IN-HACK

Penetration Testing

2011-10-08T00:08:00.001+05:30

Hello all,
This video is an example of performing manual penetration testing on a network.

Facebook login security

2011-07-16T01:22:00.003+05:30

Hello, I was just going through what improvement have our Email providers and social networking sites had done in recent past. I first looked into Facebook which is the most happening social networking site in the world. I felt happy when they brought some methods to stop hackers logging into someones account even though you have their login details. This works by the Geo IP location, say If I had logged into the account from USA today and I have been using this profile from Australia for the past 3 months, I will be challenged with the new security measure introduced my Facebook.Below is the step by step procedure of this process.

Step 1: type the hacked username and password as normal, but you will get the following mesage as shown in the picture. Click continue.

Step 2; Type the text shown in captcha as shown below

Step 3:you can see the tree option to prove your the owner of the account.

Step 4: Here you need to select any one option but unfortunately all three options have some drawbacks.

option 1: "Identify photos of friends"
The way I tried is, simply doing some social engineering or in simple words studing the profile of the account you are trying to hack.

All I did is, made a search on my Facebook account for the email which I am trying to hack. That will bring back the profile holder of that mail id, then yu just need to go to his friends list and start to search for the name that has been given as the option 70 % of the user has the habit of using their picture as the profile picture so you can straight away compare the picture on the option and the profile picture of the person you are looking for if both matches you can select that name and move on to the next picture. If you identify 5 person on the 7 slides you will get into the account.

This method can be done by anyone and if the account you are trying to access is your friend it is much easier, you can pass through this security test.

Option 2: "Answer the security question"
Again it more about profiling the individule and we can make out very easily.

. Option 3:" Use your mobile phone"

. This is something like what gmail has, since they realized the loophole in that they had now went to two step protection which is safer at the moment. We will discuss about that next time. Let me give you a scenario, if you are sharing your house and you had left your mobile at the couch and you went to get some coffee, person next to you can easily go for this option and get the access code and reset your password by the time you come back.

Remember most of the time the person who want to hack you account is the person you know well. I also suggest people not to use your photo as the profile picture and change your account settings so your wall and photos are not visible to everyone. So I still think Facebook should improve their security. What do you guys think about this??

HOW TO CRACK THE HASH

2011-06-05T13:39:00.000+05:30

Hello friends,

On my last post you would have seen how to hack the SAM file which will save your password in hashed form. I this video we will see how to crack those hash.

HOW TO HACK ADMIN ACCOUNT FROM SAM FILE

2011-05-19T17:34:00.015+05:30

Hello all, today we will see how we can hack the SAM file which will contain all the system user password.

I am going to explain with a real time example now, I had hacked into a Windows server but the account I got is guest account, so I need a account in that system which have admin rights so that I can penetrate into the network.

Watch this video to know how to do this..

We will see how to crack those hash which we got using this tool in my next post.

BACKTRACK 5 DOWNLOAD

2011-05-11T14:43:00.003+05:30

Hello friends ,

Offensive security has released the most awaiting Backtrack 5 on 10th May 2011.
I had also left the link for you guys to download backtrack 5 through my blog please go to TOOLS page or simply click here TOOLS. The official website is becoming slow so I thought you can do it from here.

I will play with it and will come back to you with the useful tools in it and how good it is from BT 4 r2.
Keep visiting my blog for more. On my next post you will see how to hack a Hyper V web server.

Backtrack 5 iso download

HACKING YOUR COMPUTER IS, HACKING INTO YOUR LIFE!

2011-01-23T02:02:00.006+05:30

HI guys,
                 This time I am going to given an scenario where an hacker had hacked your system and how he can turn your life into a real shit!

    It doesn't matter what OS you have or what anti-virus you run, you will be owned by the hacker if you don't have some commonsense.

    You may think nothing major can happen to my life at most you may loss all your data in you pc but it doesn't stops there. No one need you 100GB of data. A real hacker, all they need is a machine which can work for him any day, any time at any part of the world.

There are lot of vulnerable on most of the commonly used application on your day to day life like Adobe reader, Win amp,Quicklime, Itune, MS office or your browser . One example I Am going to talk about is your browser, you can't avoid this when you are using internet.

Ok how does this going to affect my life?

Here is the scenario, you have connected to internet and your system had fell into the hands of an hacker.
.
Do you believe me if I say an hacker will come to know what you and your family members doing in the room or what you speaking with them in case if it is a home PC or he can come to know whats going on in an office environment without your knowledge.

OK how many of them use Skype or any messenger?? 9/10 people so you should be having a mic and a cam connected to your system almost every time it is connected to your pc in case of laptop it is with you where ever u carry your laptop..

Yes an compromised PC can be used even to spy on your location. The attacker can access your web cam and also your microphone and he can save it remotely.

Imagine that you are speaking with you partner about a banking detail or anything, the attacker will hear and he can later use the information that you spoken. He can even click an snap of you and post it on somewhere. I can create a fake Id card, driving license.

This type of hacking will be more serious if the hacker is near your house or sharing the house or internet. If I need to steal your bike from your house I can listen to the conversation you had and find a time when no one is at the house.

You will not have any suspicious thought at all, you believe my PC or laptop is in logoff mode but you still didn't shutdown ,so the remote hacker can connect and still do what ever he wants. As I said before, they all need a slave to work from them,may not you data, so they will install some program on your system which will try to help him to hack many more system from there. Even if some one finds that his system is been attacked the police is going to question you not the real hacker.

Countermeasures:

You have to disconnect your web cam and microphone from the jack when you are not using it.
Turn you internet router or modem when your not in need of it.
I would say it is best to turn your PC.
Always update your OS and the antivirus it will help you at least when they had found the threat signature.
Keep checking you log for any user login, you can do it by looking into the event viewer. If you find someone had logged in you can trace from which user name they had dialed in.
Hacker mostly use the same account detail that you have, so it is worth changing the password every month at least every 2 months.
Check your cpu usage and process running on your system. If you find some suspicious process running on your system please end the task.

Web Vulnerability Testing

2010-12-22T06:02:00.009+05:30

Hello friends,

This is the time to revel the Vulnerability on one of the website. This site had Xss vulnerability and I was able to access the admin page.

This video is to bring awareness to the web developers.

No one in this world is master, so always be a student to reach high.

Firewall Hacked

2010-12-18T05:59:00.002+05:30

Hello friends,

This video is just to show how the firewall/ IDS works and the feature that Fortigate's IDS has in it. I couldn't show much on this video since this is an hacked device, so I can't do much changes to it. Please don't try to hack this device since the admin has been informed about this and they have changed the policies now.

OUT LOOK:

DETAIL:

LAN Hacking

2010-11-15T17:29:00.001+05:30

Hello everyone this time i am going to refresh about LAN security again, this time I am going to explain with one of the security tool called CAIN & ABEL.
As a beginner I would suggest you to play around with two tools WIRESHARK and CAIN&ABEL. I had done some videos where I had used these tools.

Before I move on I would like to give a overview of this tool. CAIN & ABEL is a tool which allows us to easily recover various kind of passwords which is dumped in the local system. This tool is supported only in windows platform. This can also be used for decryption of hashed keys. Other main feature of this tool is to, scan for live hosts.

This tool can also used for sniffing the data across the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks. We can also record the VoIP conversations, recover wireless network keys, revealing password boxes.

If you want to study about protocol then hangout this weekend with Wireshark. There are lot of manuals to work with Wireshark.

VULNERABILITY IN SHOPPING CART

2010-10-19T03:01:00.014+05:30

Hi guys this time I am here to show one of the issue with the web developing vulnerability. I am going to show how one can play around with simple tool to enumerate a vulnerability in shopping cart...
Most of you may know how the communication works between the server and browser. There are two main steps in communicating with the web server, those are GET & POST. I am tampering the data before it reaches the webserver and I am getting back the request according to the request I made.

We can simply prevent this by using encrypted value rather than the plain text. Web developers should also need to concentrate on the web security as they do for outlook of the page while designing a page.

This is for educational purpose only...

GMAIL GIVES WAY TO HACKERS

2010-05-15T08:48:00.001+05:30

All security measures will have loophole in it, to prove this we will see a case here.
Google had created many user application and gadgets for the benefit of user but these applications and features also turn back as a security threats. One such is 'Google hack'
witch is nothing but using the popular search engine to get the unsecured cam in the internet by using the search codes like inurl:view/indexFrame.shtml and more queries like this we can also see a unprotected admin page, password file in a FTP server and many more. In my next topic we will see how this will lead to hack a router. Similarly now I came across with another security hole in a gadget in a GMAIL.

If you login to your mail, after loading the page at the bottom you will find few details in small font like you see in this picture below,

.
You will find a detail about your total capacity of the mail and the used space, next to that you will find a statement "LAST ACCOUNT ACTIVITY 1 HOUR IP: 111.111.111.111 WHICH IS YOUR PUBLIC IP WHICH YOU USED LAST TIME TO LOGIN and next to that you will find a link DETAIL here you can see the last 5 login sessions and ip address used and the type of service you have used to open the mail.
This service is given by gmail to know is some one had accessed your account or if you have opened the same account in any other device like mobile or in different browser we can close those sessions. Just imagine if some one shoulder sniff this detail or ur account is been compromised by a hacker he can come to know about the IP address if the last five session has been from same ip he will come to a conclusion that this ip should be your personal system's IP and if that user unfortunately uses the same username and password for his orkut he can sign in and he can get the personal information from his profile and use that for getting through your personal computer, most user use ther name or date of birth or even same password of the mail to their PC's login details, so this will be very easy for the hacker to get into the system remotely.

If the hacker come to know your private ip address he can scan your system for the vulnerability and compromise your system.

So be sure you are alone when you check your mail for at least still Google come to know about this threat.

What is Distributed Denial Of Service ( DDOS) PART : 2

2009-12-27T04:06:00.002+05:30

In my previous post you would have read about smurf attack which is one of the method to cause DDOS attack.
Now we will see another type of attack called TCP SYN attack. Before talking about TCP SYN attack we have to know how TCP communication will be established.

When a two user need to communicate with each other through TCP connection there will be a negotiation between two system, the diagram below will explain you how it happens.
First, the client will send the SYN packet to the server and the server will reply back with SYN/ACK packets to the client and then client will reply back with the ACK packets.

Now lets see how the TCP SYN attack works, the attacker will keep on sending the SYN packets and the victim will be sending SYN ACK packets back to SYN packets. Now the attacker will not respond back to the SYN ACK, so the resources will be wasted and the bandwidth will be utilized a lot and the legitimate user will not be able to communicate with the victims system.

who is watching you

2009-12-14T18:40:00.003+05:30

Hi readers I found this video interesting hope you too enjoy it.

How to stop phishing attack

2009-12-01T22:55:00.001+05:30

Recently I read an article about phishing attack.

Most of the international banks use various level of security not just your username and password to get into your account through online banking.

Levels they use for authentication:

1) The first level authentication used to enter was the user name and password.

problem-> If the webpage is not secured i.e is not using ssl it is vulnerable to packet sniffing.

Solution-> Bank used encrypted channel using SSL.

2) The second level authentication used is to enter the security pin.
3) Bank introduced another level of security by providing a place to enter your security word or number which is different from the username and pin number.

Attacker was intelligent and found a attack called phishing.
As we already knew, phishing is a fake webpage which is a mimic of the original webpage. Now the attacker try to bring the victim to this mimic webpage some how and the user will enter all this details, since it is looks similar and also the webpage is SSL secured the user will don't have any doubt. Now the attacker has all his information.

Problem-> How to identify the phishing site

Solution -> Always check the certificate issued by the CA where u can find in the url with a symbol of lock some time it would have been highlighted in green color. This solution is for computer savvy but for normal people??? ok there is an another solution this solution just in case you get into those web page through some link which u get through your email, Ok now always type all your details wrongly and check whether it is authenticating or not, if it is authenticating with your wrong account details or username and password it is sure that this web page is fake or phished.

No matter how many pin and password or security question we ask still its going to be same. The attacker will get it if you don't identify the fake web page.

At the end of the day the bank need to save your money, so they have brought a final level of security to protect your money being transferred to the hacker account. They have decided to design a device which will be given out in free of cost to all their customer. This device will be used only in the time of transferring the money, when the client need to transfer the money to a person it will ask the detail of the receiver and also a special key which you can get only from the device. This device will generate a key and you have to enter this key in the details of the receiver, on next time when u need to send money to that user it will ask the user to enter a particular number in your device and that device will generate a different number and you have to enter that number, now the bank will verify this key and the set of keys which is already created with the help of key which you gave during the time of creating the receiver details.

In this situation the attacker though has the full access to the online banking he can't transfer the money to his account. This device will be unique from other and to activate this device you need to have your debit or credit card and you have to enter the pin same as you do in the ATM machine.

By this way you can improve the security and stop hackers from stealing you money.

To add further security we can use finger print authentication for online authentication, and to put this final authentication process as first so the pin number will be keep changing each and every time and even the attacker gets his pin detail on next log in he has to type another pin which can only be done with the device.
I can understand it's going to take long time just to transfer some money but this is all for your security to your hard earn money.

My solution is to deploy this method in developing countries.

Thank you for reading. comments and suggestions are welcome.

What is Distributed Denial Of Service ( DDOS) PART : 1

2009-11-30T23:05:00.003+05:30

Hi readers this time it is about another very important topic and very serious issue in the field of networking.

Distributed denial of service DDOS it's a type of attack which cause a huge damage to the network. In this type of attacks it is impossible to trace back the attacker.

If we talk about DDOS attack then we need to know some thing called DOS attack which is denial of service.
DOS is an attack in which the attacker attack the victim directly through any of the attack methods. In this case the attacker can be traced back or in other words he can be caught for doing that attack, whereas in the case of DDOS attack the attacker is very safe behind some one.

Let us see the various attack methods which is used in both DOS and DDOS attack.

* Smurf Attack:
This is a normal and easiest type of attack which doesn't required any special software. Basically this attack is done by sending numerous amount of ICMP packets ( Internet control message protocol). This packets are mainly used for doing Ping and trace route. This type of attack is done just using the command prompt or shell. in unix based system.
Most of them knew this command called PING and this is the command which is used to do this smurf attack. I am not going to give the command here I am leaving it to you to do so search.
The logic behind this attack is sending this ICMP REQUEST packets to an system with someone's IP address for example: I am the attacker and I am sending ICMP REQUEST packet to an server say Google.com but with the source IP address is your system, now the reply from Google.com will reach your system rather to my system. If this ICMP REQUEST packet is send numerous number to Google, Google will also sedn the ICMP reply packet to your system.
This method is also can be reversed, if you want to attack the Google server in this case the attacker will send the ICMP request packet to you with the source IP address as Google.com now you will be sending the packets to google but actually the request is send by me. Now the attacker is not known to the victim since there was a third person sending those packet
Here is the illustration of the attack.

So if single person used as third person to do this type of attack it is alled DOS attack instead if there where 1000 or more pc doing the same job it will become an DDOS attack. Attacking single server or user with thousand or more user where the attacker hiding behind this actual attack is called DDOS attack.

By doing this attack what is the impact or the final result??
OK the outcome of this attack is to overwhelm the resource which the victim has. for example the bandwidth will be exited or it will create more traffic to the particular server.

There are several other type of attack which is used in the DDOS attack which we will see in the next post. Thank you for reading. please comment and give your views.

WHAT IS SPOOFING

2009-11-29T03:51:00.004+05:30

Hi readers, in this post your about read some thing interesting topic which is nothing but spoofing.
Spoofing is simply changing the original data with the fake one. Spoofing can be done in different area. I am going to talk about few of those.

1) IP spoofing

2) web page or URL spoofing

3) Mail ID spoofing

4) MAC address spoofing

IP spoofing is done simply by changing the original ip address with a fake IP using many softwares.
This is mainly done when the attacker need to listen to the packets flowing between two users in the network, simply known as 'MAN IN THE MIDDLE' attack. Here the attacker interpret as a legitimate user and gets his data from the responder.

URL spoofing is other wise well know as 'PHISHING'. Here the attacker give little more effect to get his data from the victim. The attacker need to design a webpage which looks and feels similar to the original web page, this can be done as simple as in few mits just by grabbing the source code. now they just need to edit the source code to change the destination link and the database link. Then they will be hosting their page in different server even for free. Always when you click a link plz look at the address bar and also at the loading bar which is the left bottom corner of the browser if you find a different web page name rather than the registered website please don't submit your data in it. This phishing attack is mail done for the online banking website and also for the mail providers website.

Mail ID spoofing is another commonly used and easy way to do again this can be done with many sofware which is of free of cost and also, If a site has configured the mail server to allow connections to the SMTP port, anyone can connect to the SMTP port of a site and (in accordance with that protocol) issue commands that will send email that appears to be from the address of the individual's choice; this can be a valid email address or a fictitious address that is correctly formatted.

Most common mail which every one would had at least received once is " congratulation you have won 10000000 USD DOLLER" which is one type of spamming but still those people use the spoofed ID to claim them self as the legitimate company .
To check this, if your gmail user go to tha mail look for a down arrow mark near to reply and look for ' SHOW ORIGINAL' it actually shows the message ID, authentication detail, domain name of the SMTP server and other detail about the user. If you study a bit about the header file we can come to a conclusion. This is bit hard to non tech people but still it's a method to find out.
ADVICE: Never reply to an unfamiliar mails. No one is going to give money for doing nothing, so please ignore those.

MAC address spoofing, yes believe me it is possible. Few people say that we can't change the physical address of the NIC i.e MAC address, but it's wrong.
In Microsoft's OS it is possible simply by changing the value of the network driver in the registry file.
I will tell you how to do it in XP which I tried out.

a) Go to Start -> Run, type "regedt32" to start registry editor. Do not use "Regedit".

b) Go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}". Double click on it to expand the tree. The subkeys are 4-digit numbers, which represent particular network adapters. You should see it starts with 0000, then 0001, 0002, 0003 and so on.

c) Find the interface you want by searching for the proper "DriverDesc" key.

d) Edit, or add, the string key "NetworkAddress" (has the data type "REG_SZ") to contain the new MAC address.

e) Disable then re-enable the network interface that you changed (or reboot the system).
or
simply use some tool to do those. Google it and also let me know.

In LINUX

It's only a three step process

a) Bring your interface down= ifconfig eth0 down

b) Enter new mac address= ifconfig eth0 hw ether (00:00:00:11:11:11:11) or any

c) Bring back the interface = ifconfig etho up

About MAC OS

Under Mac OS X, the MAC address can be altered in a fashion similar to the Linux and FreeBSD methods:
sudo ifconfig en0 lladdr 00:01:02:03:04:05
or
sudo ifconfig en0 ether 00:01:02:03:04:05

Hope this will be informative for you people. Thank you for reading.

Recent attack on a netwok and the preventive measures.

2009-11-24T03:33:00.005+05:30

Hello readers, this time I am going to show how to design a network and safeguard your internal network like web server,ftp server and other system from attacker. Recently there was an attack in an educational institution
which is due to improper placement of firewall and improper configuration of the router.
This picture will show the network setup of an attacked network.

ok as the figure indicates the WAN link is the interface through which the user in the internet connect to the network. and the gateway here is ROUTER and the other interface of the ROUTER is an local IP or internal network's IP.

When ever you design an network the firewall should be used to protect the network , even though we use an firewall it is not still safe, because the protection of the networks depends on placement of the firewall, i.e placing the firewall outside the network or inside the local area network.
Most of the attacks where done from outside of the local network than the internal network attack, so the firewall should be placed outside the network as shown below.

Recently one such attack had been took place to an university by compromising the cisco router, which was acting as a gateway and the firewall was placed inside the local network.

The idea of the admin was to allow all traffics to get into the local network first and then to block the unwanted packets but, he didn't think what will happen if the router have been compromised or an DOS attack takes place. The cisco router which they used was not configured securely and the router was given remote management access which is vulnerable. The admin should have placed the firewall outside the LAN and blocked the unwanted packets and services first and then left it into the LAN.
Now since the router have been attacked the whole internal network had been isolated from the internet, but the interesting part is no one in the internal network will come to know that their web server is down since its in the same network they can access with in the network

Measures to be taken:
* As I said use the firewall as the gateway, which prevents all most all possible attacks.
* Change the default password and settings in all the device.
* Don't allow any service to the device to manage it from remotely ; close telnet, SSh, HTTP .
* Enable logging on the router to trace out the attacker and to know what went wrong.
* Monitor the network 24*7.
* Recruit talented and knowledgeable IT admin. Admin need to keep updating their knowledge and should be aware of possible attacks.
"Secure the network to save your country"

In following week we will see how to configure the cisco router securely and protect from hacker.

How to boot any OS from your USB

2009-11-12T20:17:00.001+05:30

Hi readers, This time I am going to share some informative things to you people. Do you people use different OS in your PC or laptop ?? OK here is a easy way to boot your OS from your USB.

Things you need
* A USB with free capacity of 4 GB or more.
* Any OS setup CD or setup file.
* PC running with windows and command prompt.

OK now let me give you the steps you need to follow.
1) Type cmd in run.

CMD->diskpart
Diskpart> list disk

select the usb disk name
then type following in diskpart>

diskpart> select [name of the disk wanted to erase(Disk 0 or Disk 1 what ever)so the command will look like "select disk1"]

clean
create partition primary
select partition 1
active
format fs=fat32
assign
exit

Now steps to copy the OS from the setup CD to the USB.

If you need to copy the file from cdrom to ur USB type this in command prompt

xcopy (your cd drive name :\to the usb drive name:/s/e/f)
example: xcopy g:\f:\ /s/e/f

Then u need to go to boot menu and choose include "removable device" for booting at start up.

YOU can also format the usb with other software but this way is to use your command prompt.

I am posting this because there are many OS which you like to try out, so you doesn't need to install in the primary hard disk. Sometime you may get some error while doing a dual boot or you may have un partitioned disk so you can do by this way.

What made you to learn hacking?

2009-10-23T15:52:00.000+05:30

Hello readers this time its to warn you people about the consequence of hacking.

Have you ever had a dream that you getting a call to your house saying " Hey ru trying to hack into our system" or often getting dream about cops smashing into your bedroom door while your hacking a network?? If so, then you must have to watch this documentary. Learn about network security but ever overwhelm the knowledge that you got into wrong way.

Be nice and stay free from jail.

Annaliza Savage - Unauthorized Access (documentary) from MaXe on Vimeo.

How important is your IP address

2009-10-04T18:11:00.009+05:30

This post is to the people who doesn't care about giving their network details in the public. The detail you give out in public is always very sensitive and can be used to do cyber crime with it.

I had explained here about the effect of giving the IP address in the public site and explained what will happen if ur IP address is know to others.

Man in the middle attack

2009-09-30T16:49:00.008+05:30

Hello friends, you can make out from the title what i am going to say in this post. I am going to give a information about this type of attack "Man in the middle".
What is man in the middle?

It is nothing but an attacker who sits in between the two user in an network. Normally the two person will be the user and the router(gateway) in an network. The attacker will try to do few trick and replace the roll of router and he sits in his position.
This is done by doing DNS spoofing, ARP poisoning, IP spoofing and few more other method.
In this attack the user will not come to know that, his traffic is been forwarded through the attacker in the network. The attacker can simply gather information about the user and use it later or attacker can try to do active attack to the user.

The few steps to be taken to prevent this is by keeping your system up to date, using key infrastructure, digital certificate, secure connection like ssl or ssh and using strong password which should be an encrypted password.

User guide:

* Always use your own network.
* Use secure pages.
* Update your system with latest patches.
* If you find your network is slow it can be due to MITM, this can also be false positive.
* Update your anti-virus and firewall frequently.
* Use strong authentication to sign in to a site(which is in hands of your web server).
* If your are wireless user please disable auto connection because the attacker may spoof with his device with same BSSID name that you have.

I will demonstrate an attack that the attacker can do with some tools.

I will also show how the secure web page(USING CA) is safer than the normal HTTP page.

Awareness about the cheap tricks

2009-09-13T04:10:00.006+05:30

Hi readers, this post is specially for newbie and young people who want to learn about hacking. In this post i am going to give awareness about the cheap trick people may try on you.
One such trick is " hack your friends email id"
they will send a funny script like code and they will ask you to type your username and password and the person's username to be hacked, they will ask you to send it to a id something related to yahoo company like resettingpassword@yahoo.com or yahooserver@yahoo.om it can be any ID, these ID's are created by the person them self who said that they have a trick....
( you are sending the password by user self just in the anxious about hacking others ID but the fact is your fooling your self)

This video will explain what will happen if you reply to such emails and how it could affect all your other emails once your single ID is been stolen.
This is for awareness only..

Your not going to earn any thing from hacking others email or system.
Every one like to become hacker for only one reason, TO SHOW OFF TO YOUR FRIENDS, TEACHERS. Think wider... whats going to happen then??? nothing... your friends may speak about this for a month then what... nothing. Later your friends even will fear to use your computer or even they will think twice to give his laptop.

Learn Network security to prevent from the current hackers but don't become one.

If there is 3rd world war its not going to be with the gun or missiles, they going to attack your country just by sitting in one place through hacking your network, its just not going to affect computers its going to be whole country. Most developed country are more depended on the computers, many countries rail system, power supply, navigation system, oil refineries and even the local traffic signals can be controlled and get affected.
So, try to be a cyber soldier for your country...

This video is from youtube he tries to do this trick through video

This video is my demo will show you what happens if you do as above.

Wakeup call for all admin

2009-09-08T04:38:00.004+05:30

Hi friends, one of our reader asked me to write a post on the port numbers and its usage. Before I go on to that post I would like to show you what are the disadvantage of leaving the ports open. Recently while scanning around I found few routers left unattended which is gateway to few organization. These router are still again from Asian continent.

Still Asians need to concentrate more on the network security and protect their organization and as well as their country from cyber terrorist. Next possible type of attack they will be interested may be through cyber. Just imagine if the terrorist had got your government's network that would be a disaster. Please admins wake up soon are it will be late for us.
I shall show you an demo of that now. This is only for education purpose, specially for admin who just work with basic knowledge. Admin has to get updated every hour. Your network is been scanned at least thrice a day (min), so be prepared to fight back.
PART 1:

PART 2:

Does the service provider are aware enough about security?

2009-09-07T15:09:00.002+05:30

Hello every one, today we will see about your service provider's security awareness.

As a consumer you may ask them about price plan and internet speed and other offer but have you ever asked them about your data protection, the answer is NO.They may provide high quality internet service but not a good security policies.

I am going to show you a live demo about the security features
they provide and how far the security is strong enough.

This is only for awareness purpose, though your provider doesn't care about you, at lest have to protect yourself.

I had masked the tool name and IP address for security purpose. Now the default password had been changed, so black hats don't try. Try to protect our nation. Try to spread good thing out of this rather than the evil things.

click here to see my video

Readers may have got confused why did I wrote an article about VMware now in this video you will come to know why. I am using VMware to run the Linux machine which is very use full for using few tools. Most of the tools which is used to do pen test are in cli and Linux supported tools. so please try to use the open source Linux based OS. Next time lets see the unsecured router(Cisco, D-Link) which are connected to an organisation.

How to use VMware.

2009-09-02T21:18:00.003+05:30

VMware is an vitalization software were you can run multiple OS in a single physical machine with out installing into your hard drive.

Here I will give you step by step instruction to install one.

fist go to VMware web site www.vmware.com -> look for products -> desktop product -> to your right side of the page u can see download free trail-> click VMware workstation -> now you have to select which platform u need to install(windows or linux, Mac other)and you need to register with them, which will take few mit. Give your real mail ID because they will send the license key. Follow as the say and download it.

Installing in you computer:
run the exe and finish the setup - hope you don't find any prob in installing if so ask me.

Opening the VMware:
Now go yo home and click create new VM machine -> click next-> select typical-> now select which OS you need to run on the machine. Note: you need the CD or DVD or ISO of the OS which u need to install. If you need to install windows then select windows and select the version, if you need to install windows 7 select" windows longhorn" give next and give a name to the machine say "windows 7". select a location in your HDD and click next.

Using network connection:
Next step is to -> use bridged networking

Disk space:
give disk space according to your usability of the machine once set you cant increase or decreace( its the hdd spae for virtual machine "virtual hdd"). Click next and setup will be over.

Starting VM machine:
Now your machine is set to work but you need to do some changes in setting.
Goto ->Edit virtual machine settings-> click CD ROM in the left side menu.

For CD OR DVD FROM YOUR CD/DVD PLAYER FOLLOW THIS
If you have the cd or dvd of the windows 7 then click "use physical device" in your right side of the setting window called connection. Now click ok.

FOR ISO IMAGE FILE FOLLOW THIS
First you have to know the location of your iso file in your hard disk and now in settings click the radio button on "use ISO image" and browse for your ISO file and select it. Now click ok.

Loading the VM machine:
now press start button or the green arrow.
It will start to boot the image from the CD/DVD or from the image file.

your done now...enjoy
if you need any help ask me...